The Bank of Cyprus Oncology Centre has confirmed that a malicious third party has published data unlawfully extracted from its systems, verifying initial indications that the Centre was the target of an actual data breach.
In a statement, the Centre said that since identifying the incident it has been cooperating with the Police, the Office of the Commissioner for Personal Data Protection and the Digital Security Authority, while working closely with specialised engineers and cybersecurity consultants to assess and contain the breach.
According to the Centre, it has now been confirmed that the perpetrators gained access to personal data belonging to patients as well as employee data. The attackers are threatening to disclose additional material to media outlets and on social media platforms.
The Centre noted that its management team is handling the case in full coordination with state authorities and following their instructions. It added that additional measures have already been implemented to strengthen the security of its systems.
Despite the breach, the Centre stressed that it remains committed to resolving the situation and protecting the personal data of its patients and staff. All operations continue as normal.