Notice of Data Security Incident

Notice of Data Security Incident
Updated October 19, 2022

October 19, 2022 Seattle Cancer Care Alliance, which is now known as Fred Hutchinson Cancer Center, is providing notice of a security incident involving certain individuals’ protected health information and/or personal information. 

What Happened:
On March 26, 2022, we discovered that someone outside of Fred Hutch temporarily accessed an employee’s email account without authorization from March 25 to March 26, 2022.  

Upon learning of the situation, we contained the incident by securing the account to prevent further access and promptly began an internal investigation. We also retained a leading forensic security firm to further investigate the incident and confirm the security of our computer systems. Additionally, we have taken steps to help prevent a similar incident from happening in the future. Finally, we have notified federal law enforcement of the incident.   

As part of its investigation, Fred Hutch reviewed the contents of the email account, and we determined that the account contained certain individuals’ protected health information and/or personal information. The information in the email account varied by individual but included names, addresses, Social Security numbers, financial account information, medical information and/or health insurance information.

On May 25, 2022, Fred Hutch sent written notification to the first individuals whose protected health information and/or personal information was contained in the account and for whom Fred Hutch had contact information. 

As the investigation continued, we determined that more individuals were affected by this incident. We began sending additional written notification letters on October 19, 2022. 

Individuals should refer to the written notification letter they receive in the mail regarding steps they can take to protect themselves, including access to monitoring services if their Social Security or government identification numbers were found in the email account. Without this information, a third party should not be able to obtain credit in another person’s name.  

As a further precautionary measure, we recommend that individuals review their account statements, monitor their credit reports closely and notify their financial institutions if they detect unusual activity. They should also promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. 

Affected individuals may also wish to review the tips provided by the Federal Trade Commission, or FTC, on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit https://www.identitytheft.gov/#/ or call 1-877-ID-THEFT (1-877-438-4338).  

We apologize for any inconvenience or concern this incident might cause. Individuals seeking additional information may call a confidential, toll-free inquiry line at (855) 532-1265 from 6:00 a.m. to 3:30 p.m. PST, Monday through Friday (excluding some U.S. holidays).  

Last Modified, October 19, 2022