Centrelake Medical Group Discovers Servers Compromised and Virus Deployed

Share this article on:

Centrelake Medical Group, a network of 8 medical imaging and oncology centers in California, is notifying certain patients that some of their protected health information has been exposed as a result of a computer virus.

The computer virus was discovered in February 2019 when it prevented the medical group from accessing its files. The virus appears to be a form of ransomware, although no mention of ransomware or a ransom demand was made in the media notice issued by Centrelake.

Centrelake retained a computer forensics company to assist with the investigation to determine the scope of the attack and whether any files containing protected health information had been accessed or copied.

The investigation revealed an unauthorized individual had gained access to its servers on January 9, 2019. Prior to deploying the virus on February 19, 2019, the unauthorized individual was able to access the servers undetected.

It is not unusual for ransomware to be installed on systems after hackers have breached security defenses. In some cases, ransomware is deployed after the system has been investigated and all valuable data has been exfiltrated. In this case, the computer forensics company did not uncover any evidence to suggest patient information was accessed or copied during the time that system access was possible, and no reports have been received to suggest any attempted or actual misuse of data has occurred.

The servers accessed by the unauthorized third party contained software applications and files that may have contained the following types of patient information: Names, phone numbers, addresses, Social Security numbers, health insurance information, diagnoses, services performed, dates of service, medical record numbers, referring provider information, and driver’s license numbers.

Centrelake Medical Group has told patients to be alert to the possibility of data misuse and suggests patients should monitor their financial accounts, credit reports, and explanation of benefits statements for any sign of fraudulent activity. A toll-free number has been set up for patients to obtain further information, but it does not appear that patients are being provided with credit monitoring and identity theft protection services.

The Department of Health and Human Services’ Office for Civil Rights breach portal indicates 197,661 patients have been affected.

Author: HIPAA Journal

Share This Post On