Integrated Oncology Network Data Breach Exposes Sensitive Patient Information

In mid-December 2024, Integrated Oncology Network (ION) experienced a data breach involving unauthorized access to sensitive patient information. According to the company, the breach occurred between December 13 and December 16, 2024, when unauthorized parties gained access to a small number of email and SharePoint accounts.

The investigation, which concluded on May 9, 2025, determined that the likely intent of the intrusion was to carry out an email phishing scheme. However, during this period, certain emails and SharePoint files containing confidential patient data were also accessed.

The exposed information includes both personally identifiable information (PII) and protected health information (PHI) including Social Security numbers, names, addresses, dates of birth, financial account information, diagnosis details, lab results, medication information, treatment information, health insurance and claims data, provider names, and dates of treatment.

The breach’s severity is heightened by the nature of the data involved, which covers both financial and sensitive health information. While the company has not disclosed the exact number of affected individuals, the total number of people affected according to its vendors' data breach disclosures is 122,950.

The incident was publicly disclosed via ION’s official notice of email phishing incident.

Which healthcare providers have been impacted?

The Integrated Oncology Network data breach has impacted many of its vendors.

Public disclosures have confirmed the following vendors have been affected:

• Pet Imaging
• PET Imaging of Houston Medical Center: 1,236 affected
• PET Imaging of Dallas Northeast: 1,935 affected
• PET Imaging of Tulsa: 3,159 affected
• PET Imaging of The Woodlands: 2,978 affected
• PET Imaging of Northern Colorado: 4,824 affected
• PET Imaging of Sugar Land: 1,808 affected

• e+ Oncologics Louisiana: 8,270 affected
• Rocky Mountain Oncology Care: 10,268 affected

Integrated Oncology Network's response

In response to the breach, Integrated Oncology Network has taken several steps to notify and support affected individuals. On June 13, 2025, ION provided notifications to oncology physician practices whose patients may have been impacted. Beginning June 27, 2025, the company started mailing notification letters directly to those patients.

ION recommends that anyone who thinks they may have been affected carefully review statements from their healthcare providers and health insurance plans. If you notice any services or charges that you did not receive, you should contact your provider or health plan immediately. For questions or concerns about the incident, ION has established a dedicated call center at 855-361-0308, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, except on major U.S. holidays.

If you are concerned that your information may have been involved, it is important to remain vigilant. Monitor your financial accounts, insurance statements, and credit reports for unusual activity. Promptly report any suspicious transactions to the relevant institutions.

For more information about the organization and its services, you can visit the Integrated Oncology Network website.