Medical data

Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals.

The medical groups impacted by the cyberattack are Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical.

The entities collectively issued a notice of data breach at the start of the month and shared a sample letter with the California Attorney General's office earlier this week.

Today, the healthcare organization reported on the U.S. Department of Health and Human Services breach portal that the data of 3,300,638 patients was exposed in the attack.

Sensitive data were stolen in attack

The data breach notification says the ransomware attack occurred on December 1, 2022, with Regal's employees noticing technical difficulties the following day.

After engaging a third-party cybersecurity expert to help investigate, it was determined that malware had infected the organization's servers, so a system restoration process was initiated.

Based on the review of the logs, the investigation determined that the following data had been compromised:

  • Full name
  • Social Security Number (SSN)
  • Date of birth
  • Address
  • Medical diagnosis and treatment
  • Laboratory test results
  • Prescription data
  • Radiology reports
  • Health plan member number
  • Phone number

Ransomware actors steal this data to create further leverage when extorting healthcare organizations, taking advantage of the highly sensitive nature of medical data.

Regal's notice encloses instructions on enrolling for one year of free credit monitoring via Norton LifeLock.

"Regal understands the importance of safeguarding your personal information and takes that responsibility very seriously," reads the notice.

"We will do all we can to assist any individuals whose personal information may have been compromised and help them work through the process."

The healthcare organization says they have implemented additional security measures and stricter protocols to prevent similar incidents and safeguard sensitive patient information from unauthorized access.

Impacted patients should look out for targeted phishing attacks, scams, social engineering, or extortion using stolen data.

If you are unsure if an email or text is legitimate, ignore it or contact your doctor to confirm if it's valid.

Related Articles:

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Change Healthcare hacked using stolen Citrix account with no MFA

UnitedHealth confirms it paid ransomware gang to stop data leak

United Nations agency investigates ransomware attack, data theft

GHC-SCW: Ransomware gang stole health data of 533,000 people