Golden State Radiation Oncology: 2,130 Patients Affected

Golden State Radiation Oncology experienced a data breach affecting multiple locations and tens of thousands of patients. The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI).

The breach occurred over a three-day period, from Dec. 13 to Dec. 16, 2024, due to an email phishing attack that resulted in unauthorized access of Integrated Oncology Network (ION) employee email and SharePoint accounts. Compromised information includes Social Security numbers, names, addresses, dates of birth, financial account information, diagnosis, lab results, medication, treatment information, health insurance and claims information, provider names, and dates of treatment.

Golden State Radiation Oncology disclosed the cybersecurity incident to the U.S. Department of Health and Human Services on June 27, 2025. The company also began notifying affected individuals by mail on the same date and published a Notice of Email Phishing Incident on its own website.

The data breach was also reported to the California Attorney General's office on July 15, 2025. At least 2,130 patients were impacted by the incident.

Golden State Radiation Oncology's response

In addition to required disclosures, affected patients can receive free Epiq Privacy Solutions ID credit monitoring services.

If you receive a data breach notice from Golden State Radiation Oncology or Integrated Oncology Network about, you may want to:

• Carefully review any notice or communication you receive and sign up for free Epiq Privacy Solutions ID credit monitoring offered.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

More information about their services can be found on the Golden State Cancer Center website.