Regal Medical Group Ransomware Attack Affects 3.3 Million Patients
Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. On December 2, 2022, employees experienced difficulty accessing data. Third-party cybersecurity experts were engaged to investigate the attack and assist with the HIPAA breach response and confirmed that malware had been used to encrypt files on some of its servers.
The forensic investigation confirmed that the attackers gained access to the email servers on or around December 1 and exfiltrated files before the ransomware was deployed. The review of those files confirmed they contained the protected health information of patients of Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical. The files contained information such as names, phone numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and Social Security numbers.
Regal Medical Group said additional security measures have been implemented to protect against further attacks, such as email spam filtering, and affected individuals have been offered complimentary memberships to the Norton LifeLock credit monitoring service for 12 months.
The incident has been reported to the HHS’ Office for Civil Rights and indicates 3,388,856, individuals have been affected, which makes this the largest healthcare data breach to be reported this Year.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Southeast Colorado Hospital District Announces Email Account Breach
Southeast Colorado Hospital District has discovered a breach of a single email account. The security breach was detected on December 6, 2022, with the forensic investigation determining that the account was accessed by an unauthorized third party on multiple occasions between November 23 and December 5.
Southeast Colorado Hospital District reviewed all emails and attachments in the account and confirmed that the protected health information of 1,435 patients had been exposed. Affected individuals had one or more of the following types of information exposed: Name, Social Security number, driver’s license number, date of birth, medical treatment or diagnosis information, and/or health insurance information.
Notification letters were sent to the affected individuals on February 3, 2023. Complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security numbers or driver’s license numbers were exposed.
