SkinCure Oncology has learned that an unauthorized party gained access to certain SkinCure Oncology email accounts between June 23, 2023 and June 25, 2023.
Upon discovering the incident, we promptly secured those accounts and initiated an investigation. Based on the results of the investigation, we believe the unauthorized
party may have accessed certain files from those accounts. Out of an abundance of caution, we searched the email accounts for any personal information that could
have been viewed, and on December 6, 2023, we learned that some personal information was contained in the compromised email accounts. The type of information
that may have been viewed varied for each individual, but could have included names, date of birth, medical record number, medical history, health insurance
information, and for a limited number of individuals, Social Security number, driver’s license number, financial account and credit card information. Individuals whose
information SkinCure Oncology obtained as part of our relationship with a physician was more limited and included name, medical record number, medical history, and
health insurance information.
Thereafter, SkinCure Oncology has been working on its own and with its practice partners to locate addresses for, and notify, those individuals whose information was
involved as soon as possible. Beginning on June 28, 2024, on behalf of its practice partners, SkinCure Oncology began mailing notification letters to those individuals
whose information was involved in the incident and for whom SkinCure Oncology could obtain valid mailing addresses. SkinCure Oncology values and respects the
privacy of information entrusted to it and recognizes the inconvenience this incident may have caused.
Individuals should refer to the mailed notice regarding steps they can take to protect themselves. As a precautionary measure, individuals should remain vigilant to
protect against potential fraud and/or identity theft by, among other things, reviewing account statements and monitoring credit reports closely. If individuals detect any
suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained and report any fraudulent activity
or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to
review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more
information, individuals may visit www.ftc.gov/idtheft or contact the FTC at 1-877-ID-THEFT (1-877-438-4338) or Federal Trade Commission, 600 Pennsylvania Avenue,
NW, Washington, DC 20580.
Individuals seeking additional information regarding the incident may call a confidential, toll-free inquiry line at (866) 528-8844 from 8:00 AM to 5:30 PM CST, Monday
through Friday, excluding major U.S. holidays.