Hematology Oncology Consultants Data Breach: Social Security Numbers Compromised

Hematology Oncology Consultants, a private medical practice in Michigan that specializes in treating cancers and blood disorders, disclosed a data breach resulting from a ransomware attack on its computer network.

On or about Sept. 20, 2025, a cybersecurity attack targeted the network of Hematology Oncology Consultants.

A ransomware group known as Rhysida claimed responsibility for the attack. On Oct. 17, 2025, the group posted a message on the dark web using the Tor network, claiming to have obtained data from the organization.

On or about Feb. 12, 2026, the company learned that files containing personally identifiable information were compromised by an unauthorized actor as a result of the cyberattack.

Upon discovering the incident, the company took steps to secure its digital environment and launched an investigation with the assistance of cybersecurity specialists.

The types of information exposed in the breach included names combined with medical records and Social Security numbers.

The company completed its review on April 7, 2026.

Hematology Oncology Consultants sent notification letters to affected individuals dated April 24, 2026. The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation on May 1, 2026.

Hematology Oncology Consultants' response to the breach

The company has set up a dedicated call center for individuals who have questions about the breach or need further assistance. The phone number is 855-954-9214, and representatives are available between 8 a.m. and 8 p.m. Eastern time, Monday through Friday, excluding holidays.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze on credit files by contacting any one of the three major credit bureaus: Equifax (1-800-525-6285), Experian (1-888-397-3742) or TransUnion (1-833-799-5355).
• Request free credit reports at AnnualCreditReport.com and review them closely for any accounts or inquiries that look unfamiliar.
• Monitor Explanation of Benefits statements from health insurers for medical services, prescriptions or equipment that were not received, since medical records were exposed in this breach.
• Report any suspicious activity promptly to financial institutions, local law enforcement or the Federal Trade Commission at 877-438-4338.
• Be cautious of phishing attempts that mention Hematology Oncology Consultants or reference this breach by name, as scammers sometimes use real data breaches to trick people into revealing additional personal information.
• Review bank and financial account statements regularly for unauthorized transactions, and contact the financial institution immediately if anything looks unfamiliar.