Ransomware crooks steal 3m+ patients' medical records, personal info

2023-02-11 02:16

Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December.

According to the Southern California health-care organizations, which include Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical, the security breach happened around December 1, 2022.

Extortionists stole, among other things, from the medical groups: patients' names, social security numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and phone numbers.

"Regal is taking steps to notify potentially impacted individuals of this breach to ensure transparency," the company's notification stated, adding it notified law enforcement and regulatory agencies about the ransomware attack.

Regal did not immediately respond to The Register's questions, including who is responsible for the attack and how they gained entry, how much money the crooks demanded and whether the health network paid the ransom.

While it's unclear who is responsible for the cyberattack - several ransomware gangs like to target healthcare facilities because the crooks assume the orgs will pay up - it's worth noting that in late January the FBI said it shut down Hive's ransomware network, seizing control of the notorious gang's servers and websites.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/11/ransomware_regal_medical_group/

#medical #ransomware