Skip to main content
Female doctor looks over a tablet with her patient

Marin Cancer Care Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

Marin Cancer Care, a Greenbrae, California-based oncology practice serving patients throughout the greater Marin County region, has recently come under scrutiny following the disclosure of a network security incident that resulted in unauthorized access to patient data. The breach, now formally reported to federal regulators, raises important questions about institutional cybersecurity obligations and the legal remedies available to those whose information may have been compromised.

Healthcare data breaches continue to pose a significant threat to patient privacy across the United States, and California remains one of the most targeted states due to the concentration of major medical institutions and patient records.  The unauthorized disclosure of oncology-related records can compromise deeply personal medical information that patients entrust to their providers. Contact our data breach lawyers to learn more. 

What Happened at Marin Cancer Care?

Marin Cancer Care, in Greenbrae, California, is a longstanding cancer treatment facility offering medical oncology, hematology, radiation oncology, and a range of supportive care services including nutritional counseling and psychosocial support. Founded in 1952, the center has built decades of trust with the patients who depend on it during some of the most vulnerable moments of their lives.

That trust was shaken when the organization discovered unauthorized access to its network on or about December 8, 2015, with the breach itself having occurred on November 19, 2015. Upon discovering the intrusion, Marin Cancer Care engaged third-party cybersecurity investigators to assess the full scope of the incident. The investigation confirmed that unauthorized parties had gained access to files stored on the organization’s network.

The breach was formally disclosed to the U.S. Department of Health and Human Services (HHS) on February 6, 2026. As of the time of this writing, the total number of affected individuals has not been publicly confirmed, and the investigation remains ongoing.

What Information Was Exposed?

While the complete list of compromised data types continues to be investigated, healthcare data breaches of this nature typically expose a range of highly sensitive information. Patient records held by oncology centers routinely contain names, dates of birth, Social Security numbers, addresses, health insurance details, diagnosis codes, treatment histories, medication records, and financial account information.

California Law Protections for Breach Victims

California patients benefit from some of the strongest data privacy protections in the country. Several laws come into play in situations like this:

  • HIPAA: The Health Insurance Portability and Accountability Act establishes baseline protections for patient health information and requires covered entities to notify affected individuals and regulators following a qualifying breach. The delayed HHS disclosure in this case may itself raise compliance questions.
  • California Confidentiality of Medical Information Act (CMIA): Under the CMIA, healthcare providers that negligently release confidential medical information can face civil liability. Affected patients may be entitled to damages without needing to prove actual injury.
  • California Consumer Privacy Act (CCPA): For breaches involving certain categories of personal data, California consumers may have the right to seek statutory damages between $100 and $750 per consumer per incident, or actual damages if greater.

What Should Affected Patients Do Now?

If you believe you may have been affected by the Marin Cancer Care data breach, several steps can help mitigate harm and preserve your legal options. First, watch for any formal notification letter from the organization, which should detail what data was involved and what remediation the company is offering. Second, review your credit reports and explanation of benefits statements for any suspicious activity. Third, consider placing a fraud alert or credit freeze with the major credit bureaus. Finally, and perhaps most importantly, speak with a data breach attorney before accepting any settlement or signing any release of claims.

Why Hire The Lyon Firm for Your Data Breach Case?

At The Lyon Firm, we have dedicated significant resources to fighting for individuals whose private information has been compromised by corporate negligence. Data breach litigation is complex and it requires a deep understanding of both federal and state privacy law, technical forensics, and class action procedure. Our firm brings all of that to the table.

We represent clients on a contingency fee basis, meaning you pay nothing unless we recover compensation for you. If you received care at Marin Cancer Care and believe your information may have been exposed, contact The Lyon Firm today for a free, confidential case evaluation. You deserve answers — and you deserve an advocate who will fight to hold negligent organizations accountable.

CONTACT THE LYON FIRM

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.