This notice concerns an incident involving unauthorized third-party access to some of City of Hope’s systems and copying of files, including some that may have contained personal information.
On or about October 13, 2023, City of Hope became aware of suspicious activity on a subset of its systems and immediately instituted mitigation measures to minimize any disruption to its operations. City of Hope launched an investigation into the nature and scope of the incident with the assistance of a leading cybersecurity firm, which determined that an unauthorized third party accessed a subset of our systems and obtained copies of some files between September 19, 2023, and October 12, 2023. City of Hope has undertaken a detailed review of the files to determine the incident’s impact and has determined that some of these files may have contained personal information.
Related: CISA Proposes New Rule on Reporting Cyber Incidents
While the investigation remains ongoing, the impacted personal information identified thus far varies by individual but may have included name, contact information (e.g., email address, phone number), date of birth, social security number, driver’s license or other government identification, financial details (e.g., bank account number and/or credit card details), health insurance information, medical records and information about medical history and/or associated conditions, and/or unique identifiers to associate individuals with City of Hope (e.g., medical record number).
Upon discovery of this incident, City of Hope immediately instituted mitigation measures. They then promptly implemented additional and enhanced safeguards and enlisted the support of a leading cybersecurity firm to enhance the security of their network, systems, and data. They also launched a comprehensive investigation, identified individuals affected, reported the incident to law enforcement, and notified regulatory bodies.
City of Hope is providing identity monitoring services for two years, at no cost, to individuals whose information may have been involved.