The Personally Identifiable Information (PII) and Protected Health Information (PHI) of over 3.3 million individuals were stolen in a ransomware attack that took place at the California healthcare provider Regal Medical Group. The attack occurred on December 1, 2022, but was discovered a week later and impacted the Regal Medical Group and its affiliates.
Details of the Attack:
Regal Medical Group reported that the attack took place on December 1, 2022, and was discovered a week later. The attack impacted Regal Medical Group, Lakeside Medical Organization, Affiliated Doctors of Orange County and Greater Covina Medical Group, and resulted in the theft of the PII and PHI of over 3.3 million individuals.
The attack resulted in the theft of sensitive information including names, addresses, birth dates, phone numbers, Social Security numbers, diagnosis and treatment information, health plan member numbers, laboratory test results, prescription details, and radiology reports of the affected individuals.
Response by Regal Medical Group:
Regal Medical Group sent breach notification letters to the affected individuals informing them that their data had been compromised in the attack. In the notification letter, the healthcare provider reported that it noticed difficulty in accessing some of its servers on December 2, 2022. After extensive review, malware was detected on some of its servers, which led to the exfiltration of certain data from its systems.
Notification to the US Department of Health and Human Services:
Regal Medical Group informed the US Department of Health and Human Services about the incident on February 1, 2023, and reported that over 3.3 million individuals might have been impacted. However, the healthcare provider did not reveal the type of ransomware used in the attack or whether a ransom was paid.
Restoration of Systems:
Regal Medical Group mentions in its notification letter that it worked with vendors to restore access to the impacted systems, which suggests that backups might have been used instead of a ransom payment.
Ransomware Attacks in the US:
According to a report by Emsisoft, over 200 government, education, and healthcare organizations in the US fell victim to ransomware attacks last year. The US warned of Daixin Team and Royal ransomware attacks targeting healthcare providers, but other ransomware families are known to target the healthcare sector as well.
Joint Alert by the US and South Korea:
Last week, the US and South Korea issued a joint alert on North Korean government-backed threat actors using the Maui and H0lyGh0st ransomware in attacks targeting healthcare and other critical infrastructure organizations.
The attack on Regal Medical Group highlights the importance of cybersecurity measures for healthcare providers. The theft of sensitive information belonging to over 3.3 million individuals shows the need for healthcare providers to take proactive measures to prevent such attacks in the future, and the rise in ransomware attacks in the US underscores the need for organizations to implement robust cybersecurity measures to protect themselves and their customers from cyber threats.