Rocky Mountain Oncology Care Data Breach Affects 10,268

Published

July 8, 2025

Updated

July 8, 2025

Rocky Mountain Oncology Care

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

Rocky Mountain Oncology Care experienced a data breach that affected 10,268 individuals in the United States. On May 9, 2025, Integrated Oncology Network (ION), a company that owns and provides administrative services to Rocky Mountain Oncology Care, determined unauthorized actors accessed certain email accounts and SharePoint files between December 13, 2024 and December 16, 2024.

The breach was caused by a phishing attack, where cybercriminals tricked employees into revealing login credentials or clicking malicious links, allowing unauthorized access to patient data. The Integrated Oncology Network (ION) cyber security incident impacted multiple oncology practices and thousands of patients.

The data breach exposed both personally identifiable information (PII) and protected health information (PHI). Compromised information includes names, addresses, dates of birth, financial account information, Social Security numbers, diagnosis details, lab results, medication records, treatment information, health insurance and claims data, provider names, and dates of treatment.

Integrated Oncology Network began notifying oncology physician practices affected by the cybersecurity incident on June 13, 2025. Affected patients were notified by mail on June 27, 2025.

Rocky Mountain Oncology Care disclosed the data breach to the U.S. Department of Health and Human Services on June 27, 2025 and published the ION Notice of Email Phishing Incident on its own website.

Rocky Mountain Oncology Care's response

In addition to required state and federal disclosures, affected Rocky Mountain Oncology Care patients have been notified by mail.

If you receive a data breach notice from Rocky Mountain Oncology Care or Integrated Oncology Network about, you may want to:

Carefully review any notice or communication you receive and sign up for free credit monitoring services, if offered.
Monitor financial accounts and credit reports for signs of identity theft.
Consider placing fraud alerts or credit freezes with major credit bureaus.
Be cautious of unsolicited emails or phone calls requesting personal information.

More information about their providers and services can be found on the Rocky Mountain Oncology Care website.