PET Imaging Data Breach Exposes Over 15,000 Patients' Health Info

On May 9, 2025, PET Imaging of Houston, was impacted by the Integrated Oncology Network data breach. The breach was the result of an email phishing incident, which allowed unauthorized parties to access a limited number of employee email and SharePoint accounts between Dec. 13, 2024, and Dec. 16, 2024. The likely intent behind the unauthorized access was to further an email phishing scheme, but during the intrusion, certain emails and files containing sensitive patient information were accessed.

A detailed review determined that the compromised data included a broad range of personally identifiable information (PII) and protected health information (PHI) including names, addresses, Social Security numbers, dates of birth, financial account information, diagnosis details, lab results, medication and treatment information, health insurance and claims information, provider names, and dates of treatment.

The breach impacted at least 15,940 individuals across the United States, according to public disclosures. The incident was reported to the Texas Attorney General’s office on July 1, 2025, and to the U.S. Department of Health and Human Services on June 27, 2025.

The company notified affected patients by U.S. Mail, beginning June 27, 2025. The full notice to consumers is available as a PDF at the bottom of this page. For further details, the official disclosures can be found on the Texas Attorney General’s Data Security Breach Reports page, the U.S. Department of Health and Human Services breach portal, and the company’s public notice.

Which PET Imaging locations are affected?

According to public disclosures at the time of publishing, the following locations have been impacted:

• PET Imaging of Houston Medical Center
• PET Imaging of Dallas Northeast
• PET Imaging of Tulsa
• PET Imaging of The Woodlands
• PET Imaging of Northern Colorado
• PET Imaging of Sugar Land

PET Imaging's response

In response to the breach, PET Imaging’s parent organization, Integrated Oncology Network (ION), took immediate steps to investigate and contain the incident. The company engaged in a thorough review of all potentially impacted emails, attachments, and SharePoint files to determine the scope of information accessed. Upon completion of this review, ION began mailing notification letters to affected patients and oncology physician practices starting June 27, 2025.

To support those affected, ION has established a dedicated call center at 855-361-0308, available Monday through Friday from 8 a.m. to 8 p.m. Central Time, excluding major U.S. holidays. Patients are encouraged to review statements from their healthcare providers and insurance plans for any unauthorized services. If suspicious activity is detected, individuals should promptly contact their provider or health plan.

Recognizing the severity of the breach, which involved both PII and PHI, ION has implemented additional cybersecurity training for staff to help prevent similar incidents in the future. Given that the breach resulted from a phishing attack, affected individuals should remain vigilant for further phishing attempts or suspicious communications. Monitoring financial accounts and considering a credit report review may also be prudent, especially for those whose Social Security numbers were exposed.

More information about the organization can be found at PET Imaging’s website.