Synergy Radiation Oncology Data Breach Lawsuit Investigation
Was your most sensitive medical or financial data exposed without your consent? Synergy Radiation Oncology Medical Group has confirmed a cyber-attack that leaked patient information—including Social Security numbers and treatment details. Find out how to protect yourself and whether you can pursue compensation.
What Happened?
Synergy Radiation Oncology Medical Group (Synergy) learned on June 13, 2025 that an email-phishing attack against its parent administrative provider, Integrated Oncology Network (ION), had allowed intruders to access employee email and Microsoft SharePoint accounts from December 13–16, 2024.
Once discovered, Synergy filed the legally required notice with the California Attorney General on July 15, 2025 and began mailing letters to patients.
Information Confirmed Exposed
- Full names & addresses
- Social Security numbers
- Dates of birth
- Government-issued ID numbers
- Financial account details
- Diagnosis, lab results & medication data
- Treatment information and provider names
- Health-insurance and claims information
- Dates of service
How Synergy Is Responding
The healthcare group states it has:
- Secured the affected email and SharePoint accounts
- Enhanced employee phishing-prevention training
- Retained cybersecurity experts to harden its systems
- Offered 12 months of free Epiq Privacy Solutions ID credit monitoring to affected individuals
Your Immediate Action Plan
If you received a breach notice from Synergy or ION, you can take these steps right now:
- Enroll in the free credit monitoring—it costs nothing and can alert you to misuse.
- Place a fraud alert or credit freeze with the three major bureaus to block new-account fraud.
- Review bank, credit-card and insurance statements for unfamiliar activity.
- Report suspected identity theft immediately to the Federal Trade Commission at IdentityTheft.gov.
Can You File a Data Breach Lawsuit?
Healthcare providers must safeguard both PII and PHI under HIPAA and various state privacy statutes. When they fail, victims may pursue:
- Reimbursement for identity-theft expenses
- Time lost resolving fraud issues
- Out-of-pocket medical or legal costs
- Statutory damages where state law allows
Class-action investigations are actively evaluating Synergy’s liability. Submitting your details is free and helps attorneys determine whether you qualify for financial relief.
Timeline of Key Events
- Dec 13–16, 2024: Unauthorized access to ION email & SharePoint.
- Jun 13, 2025: ION notifies Synergy of the breach.
- Jul 15, 2025: Synergy files notice with California Attorney General.
- Jul 2025: Notification letters mailed to patients.
FAQ: Synergy Radiation Oncology Data Breach
What caused the Synergy Radiation Oncology data breach?
The incident began with a phishing attack that compromised ION employee email accounts, giving hackers access to sensitive patient data managed by Synergy.
How do I know if my information was leaked?
Synergy mailed letters to everyone whose data was in the accessed accounts. If your notice has an incident date of December 13–16, 2024, you were affected.
What data was exposed in the Synergy Radiation Oncology breach?
Exposed records may include your name, Social Security number, date of birth, medical diagnosis, lab results, insurance details and, in some cases, financial account information.
Is Synergy offering free credit monitoring?
Yes. Impacted patients can enroll in one year of complimentary Epiq Privacy Solutions ID credit monitoring and identity-theft protection.
Can I sue Synergy Radiation Oncology Medical Group?
Potentially. Multiple legal teams are reviewing whether Synergy complied with federal and state privacy laws. Completing a free case review is the first step toward compensation.
Does this affect patients outside California?
While the breach was reported to California regulators, any patient whose data was stored in the compromised ION accounts—regardless of state—could be impacted and may have legal rights.