Southwest Urology, a specialty medical practice based in Ohio, experienced a data breach affecting at least 7,214 individuals. On May 9, 2025, Integrated Oncology Network (ION), a company that provides administrative services to Southwest Urology, determined unauthorized actors accessed certain email accounts and SharePoint files between December 13, 2024 and December 16, 2024.
Southwest Urology disclosed the cybersecurity incident to the U.S. Department of Health and Human Services on June 27, 2025. The data breach compromised both personally identifiable information (PII) and protected health information (PHI).
Exposed patient information includes names, addresses, dates of birth, Social Security numbers, financial account details, diagnosis information, lab results, medication details, treatment information, health insurance and claims data, provider names and dates of treatment. The information compromised in this breach could be used for identity theft, financial fraud or to gain unauthorized access to medical services.
In addition require state and federal disclosures, affected patients will be notified by Southwest Urology or Integrated Oncology Network.
If you receive a data breach notice from Southwest Urology or Integrated Oncology Network about, you may want to:
More information about the practice, its locations and services can be found on the Southwest Urology website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.