Jump to content
  • California medical group data breach impacts 3.3 million patients

    alf9872000

    • 440 views
    • 2 minutes
     Share


    • 440 views
    • 2 minutes

    Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals.

     

    The medical groups impacted by the cyberattack are Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical.

     

    The entities collectively issued a notice of data breach at the start of the month and shared a sample letter with the California Attorney General's office earlier this week.

     

    Today, the healthcare organization reported on the U.S. Department of Health and Human Services breach portal that the data of 3,300,638 patients was exposed in the attack.

    Sensitive data were stolen in attack

    The data breach notification says the ransomware attack occurred on December 1, 2022, with Regal's employees noticing technical difficulties the following day.

     

    After engaging a third-party cybersecurity expert to help investigate, it was determined that malware had infected the organization's servers, so a system restoration process was initiated.

     

    Based on the review of the logs, the investigation determined that the following data had been compromised:

     

    • Full name
    • Social Security Number (SSN)
    • Date of birth
    • Address
    • Medical diagnosis and treatment
    • Laboratory test results
    • Prescription data
    • Radiology reports
    • Health plan member number
    • Phone number

     

    Ransomware actors steal this data to create further leverage when extorting healthcare organizations, taking advantage of the highly sensitive nature of medical data.

     

    Regal's notice encloses instructions on enrolling for one year of free credit monitoring via Norton LifeLock.

     

    "Regal understands the importance of safeguarding your personal information and takes that responsibility very seriously," reads the notice.

     

    "We will do all we can to assist any individuals whose personal information may have been compromised and help them work through the process."

     

    The healthcare organization says they have implemented additional security measures and stricter protocols to prevent similar incidents and safeguard sensitive patient information from unauthorized access.

     

    Impacted patients should look out for targeted phishing attacks, scams, social engineering, or extortion using stolen data.

     

    If you are unsure if an email or text is legitimate, ignore it or contact your doctor to confirm if it's valid.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...