December ransomware attack leads to massive data breach from California health network

A network of healthcare facilities across California reported a data breach last week after suffering from a ransomware attack in December.

Some of the medical groups within the Heritage Provider Network posted notices on their websites and sent out notification letters on February 1 to more than 3.3 million patients informing them of a data breach that involved names, Social Security numbers, phone numbers and dates of birth, as well as information related to treatment, such as lab test results, prescription data, radiology reports and health plan numbers.

The groups affected are Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group and Greater Covina Medical Group. 

Heritage Provider Network did not respond to requests for comment about why some medical organizations were affected by the ransomware attack while other groups under the Heritage banner were not. 

According to notices released by the affected organizations, employees first had issues accessing some servers on December 2.  

“After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data. We hired third-party vendors experienced in this area to assist with our response to the incident,” the statement said.

The medical groups contacted law enforcement and reported the incident to the U.S. Department of Health and Human Services, as well as California's attorney general. 

The organizations are providing victims with one year of credit monitoring services from Norton LifeLock and “computer security protections and protocols” to ensure personal information is “protected from unauthorized access.”

A call line has also been set up for those with further questions. 

Ransomware attacks on hospitals and healthcare facilities have now become a weekly occurrence, typically disrupting services initially and then resulting in the theft of sensitive patient data. 

Last week, a Tallahassee, Florida, hospital was forced to divert patients to other facilities and cancel all non-emergency surgical procedures due to a ransomware attack, while the biggest children’s hospital in Canada was crippled by a Christmas ransomware incident. 

A Sophos survey published in May 2022 found that two-thirds of healthcare organizations had been targeted by ransomware in the previous year, nearly double the amount in 2020. Ransomware has become so prevalent that the U.S. Department of Health and Human Services has published reports on ransomware groups, including Royal, Cuba, Venus, Lorenz and Hive.