Beverly Hills Oncology Reports 5-Day Data Breach

On Oct. 31, 2025, Beverly Hills Oncology Medical Group disclosed a cybersecurity incident after discovering unauthorized access to its internal network. An investigation revealed that a threat actor gained access and may have obtained sensitive information over a five-day period from Feb. 7 to Feb. 11, 2025.

The cyberattack compromised both personally identifiable information (PII) and protected health information (PHI) belonging to patients and possibly staff. Exposed information included full names, Social Security numbers, driver’s license numbers or other government identification numbers, financial account information, credit or debit card information, health insurance policy information, and key medical details including treatment information, diagnosis information, prescription information and other clinical data.

A review was completed on Oct. 13, 2025 and the medical group has begun notifying impacted current and former patients and staff by mail. The combination of PII and PHI makes the breach particularly dangerous, as it could be used for identity theft, financial fraud or medical identity theft.

Beverly Hills Oncology Medical Group disclosed the data breach to the California Attorney General on Oct. 31, 2025. The total number of individuals affected by the incident has not been publicly disclosed, but may include several thousand current and former patients.

Beverly Hills Oncology Medical Group's response

After detecting the breach, Beverly Hills Oncology Medical Group launched an investigation with the assistance of cybersecurity experts. In addition to required state and federal disclosures, the medical group is offering affected individuals free Epiq - Privacy Solutions ID credit and identity monitoring services.

If you receive a notice from Beverly Hills Oncology Medical Group about this breach, you may want to:

• Sign up for the free credit and identity monitoring services, offered by the healthcare organization.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The medical group also established a dedicated assistance line for patients with questions at 855-291-2692, Monday through Friday, 9:00am to 9:00pm Eastern Time.