Cancer care provider 21st Century Oncology Holdings Inc said it was investigating a breach of its computer network, but had no indication that patient information had been misused.
The Federal Bureau of Investigation had advised the company of the breach in November but had asked it to hold off on making an announcement so as to not impede the investigation, 21st Century Oncology said on Friday.
The Fort Myers, Florida-based company operates 145 cancer treatment centers in the United States and 36 in Latin America.
The company said an investigation by a forensics firm it had hired showed that the intruder may have gained access to its database in early October.
The database contains personal information of some patients, including their names, social security numbers, physicians, diagnoses and treatment, as well as insurance data, the company said.
The FBI said on Friday the investigation remained ongoing and no further comments would be provided for now.
21st Century Oncology is notifying about 2.2 million of its current and former patients that certain information may have been copied and transferred, the company said in a regulatory filing. (1.usa.gov/1LZ28Oe)
The company said it would offer one year of free identity protection services to the affected individuals.
(Reporting by Natalie Grover in Bengaluru; Editing by Saumyadeb Chakrabarty)