Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

3.3 Million Impacted by Ransomware Attack at California Healthcare Provider

The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.

The personally identifiable information (PII) and protected health information (PHI) of more than 3.3 million individuals was stolen in a ransomware attack at California healthcare provider Regal Medical Group.

The incident took place on December 1, 2022, but was discovered only a week later, and impacted the Regal Medical Group and affiliates Lakeside Medical Organization, Affiliated Doctors of Orange County and Greater Covina Medical Group.

On February 1, Regal started sending breach notification letters to the impacted individuals, informing them that their data had been compromised in the incident.

Affected PII and PHI includes names, addresses, birth dates, phone numbers, Social Security numbers, diagnosis and treatment information, health plan member numbers, laboratory test results, prescription details, and radiology reports.

“On Friday, December 2, 2022, we noticed difficulty in accessing some of our servers. After extensive review, malware was detected on some of our servers, which we later learned resulted in the threat actor accessing and exfiltrating certain data from our systems,” Regal says in the notification letter.

On February 1, Regal informed the US Department of Health and Human Services about the incident, saying that more than 3.3 million individuals might have been impacted.

What the healthcare provider has not revealed was the type of ransomware that was used in the cyberattack and whether a ransom was paid.

However, it mentions in the notification letter that it worked with vendors to restore access to the impacted systems, which suggests that backups might have been used instead.

Advertisement. Scroll to continue reading.

According to a recent report from Emsisoft, over 200 government, education, and healthcare organizations in the US fell victim to ransomware attacks last year.

Last year, the US warned of Daixin Team and Royal ransomware attacks targeting healthcare providers, but other ransomware families are known to target the healthcare sector as well.

Last week, the US and South Korea issued a joint alert on North Korean government-backed threat actors using the Maui and H0lyGh0st ransomware in attacks targeting healthcare and other critical infrastructure organizations.

Related: Patient Information Compromised in Data Breach at San Diego Healthcare Provider

Related: Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

Related: FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ransomware

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Ransomware

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.