Skip to main content
Class Action Medical Device Litigation Class Action Medical Device Litigation

Beverly Hills Oncology Medical Group Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

Beverly Hills Oncology Medical Group, a California-based oncology practice treating cancer patients and operating under the name Beverly Hills Cancer Center, recently disclosed that it suffered a cybersecurity incident in February 2025. The breach took place over a short window—from February 7 to February 11, 2025—during which unauthorized access was gained to the practice’s network. An internal and third-party cybersecurity investigation concluded on October 13, 2025. Notification letters to impacted individuals began on October 31, 2025, in compliance with California law.

Though the exact number of individuals affected was not publicly disclosed, the nature of the data potentially exposed makes this a high-risk incident. The practice confirmed that full names, Social Security numbers, driver’s license or other government ID numbers, financial account or credit/debit card information, health insurance details, and medical data including diagnoses, prescriptions, treatment information and other clinical records may have been accessed. Because the breach involves both personally identifiable information (PII) and protected health information (PHI), the consequences for those impacted may extend far beyond a simple threat of fraud.

Contact our data breach lawyers to learn more about the incident to take the next steps following a data theft. 

Why This Breach is Concerning

When a healthcare provider that manages oncology treatment experiences a network intrusion, patients’ privacy is under particular threat. Medical histories associated with cancer care typically include deeply personal details—diagnoses, treatment regimens, prescription use, imaging results—making them especially sensitive.

With access to those records combined with identifiers like Social Security numbers, malicious actors could exploit this data for identity theft, medical identity theft, fraudulent insurance claims, or other misuse. The five-day window of unauthorized access suggests the actor may have had enough time to locate, copy or transfer data; the fact that an independent review was required highlights the serious security incident.

What You Can Do If You Were Notified

If you received a breach notification from Beverly Hills Oncology Medical Group, take the following steps immediately to protect yourself: enroll in any free identity-monitoring or credit-protection services being offered; review your credit reports and financial account statements for unusual activity; place a fraud alert or consider a credit freeze with one or more of the major credit bureaus; monitor your medical insurance statements and explanation of benefits (EOBs) for claims you did not authorize; and remain vigilant for phishing attempts or unsolicited contact that reference your name, treatment or insurer. It’s wise to keep a file of any communications you receive and document any suspicious activities you observe.

Legal Implications and Your Rights

Healthcare providers must comply with the Health Insurance Portability and Accountability Act (HIPAA), and in California they also must abide by state laws requiring timely notification of breaches affecting personal or health-related data. If Beverly Hills Oncology Medical Group failed to implement adequate security safeguards, failed to detect access in a reasonable timeframe, or delayed notification, affected individuals may have grounds for legal action.

Possible claims include negligence, breach of contract, violation of privacy laws and state consumer protection statutes. Even without proof of identity theft occurring, potential harm from the exposure of medical and financial data may support compensation for time, expense, monitoring costs and emotional distress.

Why Hire The Lyon Firm

If you believe you were impacted by the Beverly Hills Oncology Medical Group data breach, the The Lyon Firm is ready to assist. This law firm specializes in data-breach and privacy litigation, representing individuals whose confidential personal or medical records were exposed due to inadequate cyber protection.

The Lyon Firm will evaluate whether Beverly Hills Oncology Medical Group met its legal obligations, explain your rights and options and help you pursue compensation for the harm you may face. A free, confidential consultation is available so you can discuss your case without upfront cost or obligation.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.