August 27, 2021
For more information call 800-708-1979. For media inquiries, contact Marjorie Clifton (202) 510-5275.
The call center is available Monday through Friday, 8:00 a.m. to 8:00 p.m., Central Time, except holidays.
FOR IMMEDIATE RELEASE
Austin Cancer Centers Experiences Security Breach
AUSTIN, TEXAS – Central Texas Medical Specialists PLLC dba Austin Cancer Centers (“Austin Cancer Centers”), a network of Austin-area cancer treatment centers, notified patients today of a security breach that was discovered on their system on August 4, 2021.
Austin Cancer Centers experienced a security incident involving unauthorized access and malware that was discovered on August 4, 2021. Upon discovery, and in an abundance of caution, the Centers immediately shut down their systems. Since discovery, Austin Cancer Centers has been working with law enforcement and experts to understand the scope of the breach, and address the issue by removing the malware and restoring and securing its systems. All the while, Austin Cancer Centers staff and doctors worked tirelessly to uphold their top standards of care for patients in the Austin area and maintain operations safely.
“We are deeply saddened and frustrated by this incident. Caring for our patients during medically stressful times in their life, is our core business. We apologize to our family of patients for any concern this may create, and we will do everything we can to remedy the situation and help them through necessary steps to ensure their safety.” Said Austin Cancer Center CEO, Laurie East.
Austin Cancer Centers offices are currently open and operations are fully restored. Austin Cancer Centers will continue to provide updates on their website as more information is available. Patients can also contact a toll-free information hotline at available to answer questions and guide patients through the process of accessing credit monitoring systems.
Experts have carefully examined the data affected by this breach and determined the incident began on July 21, 2021. The patient information potentially affected includes: Name, address, date of birth, insurance carrier name and medical notes. Some patients had their social security numbers affected and a limited number of patients had their credit card numbers affected. Affected patients will receive a letter with information and recommendations on how to implement safeguards in response to this incident. Out of concern for their those impacted, Austin Cancer Centers has arranged for affected patients to enroll in a free, online credit monitoring service and fraud insurance with coverage up to $1,000,000.
Austin Cancer Centers takes its patients’ privacy and the security of their information very seriously and is deeply sorry for any inconvenience this incident may have caused. Patients can contact Austin Cancer Centers representatives toll-free at 800-708-1979 for questions or to learn additional information. Patients also can write the practice at Austin Cancer Centers, Attn: Privacy Officer, 9715 Burnet Rd, Bldg 7, Ste 200, Austin, Texas 78758. Austin Cancer Centers will provide future updates, if any, on its website: https://austincancercenters.com/
For media inquiries, please contact:
For more information call 800-708-1979
Austin Cancer Centers experienced a security breach to their technology and information systems involving unauthorized access and malware, requiring the Austin Cancer Centers to shut down all of their technology platforms for a period.
When did this happen?
It was discovered, and systems were shut down, on August 4, 2021. Austin Cancer Centers brought in experts to carefully examine the data affected by this breach and determined the incident began on or around July 21, 2021.
Why did it take two weeks to discover?
The criminal attacker who accessed the system was very careful to not leave information that would allow the Austin Cancer Centers to discover their presence on the system.
Why did it take time to get information to us?
Unfortunately, with cyber breaches, your system can be susceptible to other attackers if you release information before the system is completely secured. Our priority has been keeping your data safe, and making sure we have every possible safety measure in place before releasing information.
What personal information was exposed?
The majority of those impacted had the following information affected: Their name, address, date of birth, insurance carrier name, and basic information related to their diagnosis or condition and billing related information. Some patients had their social security numbers affected. A limited number of patients had their credit card numbers affected. If you were impacted, you should receive a letter in the mail with details about your information impacted.
Was this a ransomware incident?
I’m sorry, in an effort to maintain security, and because this is an ongoing investigation, we cannot share additional information at this time. We will, however, be providing updates on our website when they are OK to release.
How many people are involved?
Out of abundance of caution, Austin Cancer Centers is notifying about 36,000 of our patient network. At this time we don’t believe it impacted our entire network, but we want to be cautious out of concern for our patients. New patients as of August 4, 2021 were definitively not impacted.
Have the police been/local authorities been notified?
Yes, federal law enforcement authorities were notified about the incident. A police report was filed with the Austin Police Department.
What are you doing to prevent this kind of loss from happening again?
We share your concern over security in the future. Austin Cancer Centers continues to work with law enforcement and a dedicated team of computer experts to insure the security of its system. Austin Cancer Centers has implemented additional technical safeguards and procedures to prevent this kind of incident from happening again, including, rigorous privacy and security training for Austin Cancer Centers’ entire staff.
What are the services being offered to patients impacted?
Out of care for network impacted, we have arranged for you to enroll for one year, free-of-charge, in an online credit monitoring service called Equifax Credit Watch™ Gold. Key features of this complimentary service include credit monitoring with email notifications, automatic fraud alerts, and up to $1,000,000 of identity theft services for certain out of pocket expenses resulting from identity theft.
Whether or not you enroll in credit monitoring, we recommend that you place a “Fraud Alert” on your credit file. Fraud Alert messages notify potential credit grantors to verify your identification before extending credit in your name in case someone is using your information without your consent. A Fraud Alert can make it more difficult for someone to get credit in your name. Call only one of the following three nationwide credit reporting companies to place your Fraud Alert: TransUnion, Equifax, or Experian. As soon as the credit reporting company confirms your Fraud Alert, they will also forward your alert request to the other two nationwide credit reporting companies so you do not need to contact each of them separately. The contact information for the three nationwide credit reporting companies is:
Equifax P.O. Box 740256, Atlanta, GA 30374. www.equifax.com (800) 685-1111
Experian P.O. Box 9554, Allen, TX 75013. www.experian.com (888) 397-3742
TransUnion P.O. Box 2000, Chester, PA 19016. www.transunion.com (800) 680-7289
Under federal law, you are also entitled to one free credit report once every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or make a request online at www.annualcreditreport.com.
Who should I contact if I have questions or want to enroll in monitoring?
Please call us back if you need more information or if you have additional questions. We can escalate your questions to the appropriate person who will respond within 48 hours of your request our toll-free hotline at 800-708-1979 to answer questions and guide you through any steps for monitoring.