In an SEC filing for its initial public offering, Guardant Health disclosed that it had been the victim of a cyberattack earlier this summer, with hackers retrieving the personal health information of about 1,100 patients, including their Social Security numbers in some cases.
For five days in July, an unauthorized user gained access to an employee’s email account through a phishing attempt, and stole information including names, contact information, birthdates and medical diagnosis codes.
The company said it has tasked an independent cybersecurity firm to investigate, and that the forensic work is still ongoing. Guardant maintains its applications and data through a combination of on-site systems and cloud-based data centers, with portions managed by external security and infrastructure vendors.
“We plan to provide timely notices to the U.S. Department of Health and Human Services and certain state regulators, as well as to individuals affected,” Guardant wrote in its prospectus filed Sept. 6.
Writing in the filing’s “risk factors” section, the company described how it may be subject to penalties as a result, in addition to other costs relating to mitigating the incident.
“We continue to analyze the information that was accessed and intend to take additional steps to prevent future unauthorized access to our systems and the data we maintain, but we cannot guarantee that additional incidents will be avoided,” the company wrote.
Guardant’s preliminary IPO filing proposes to raise $100 million, though that number is subject to change, with the total number of shares and price per share not yet disclosed.
The Redwood City, California-based company raised $360 million last year to sequence tumor DNA from 1 million cancer patients—and describes its Guardant360 blood test as the most widely ordered comprehensive liquid biopsy on the market, with over 5,000 oncologists ordering more than 70,000 assays since its 2014 launch.