Ransomware attacks once again put the personal information of innocent parties at risk after a data breach potentially exposed the medical records of more than 3 million people.
California-based Regal Medical Group announced in December 2022 that malicious hackers obtained information from the company and its affiliates, the Affiliated Doctors of Orange County (ADOC) Medical Group, Greater Covina Medical, and the Lakeside Medical Organization. says it suffered a data breach after accessing
and Notices posted on the websiteRegal explained that an employee first experienced problems accessing its servers on December 2, 2022, and further investigation revealed that malware had been planted on the servers, exfiltrating data. .
The data stolen during the attack was:
- client’s name
- social security number
- address
- date of birth
- telephone number
- Diagnosis and treatment
- Lab test results
- prescription data
- radiation report
- Number of health insurance subscribers
The medical records of 3.3 million people are believed to have been stolen.
Regal Medical Group has taken steps to contact individuals who may have been affected by the breach, and Norton LifeLock (ironically, Suffered its own security fears last month).
example of Letters sent to affected individuals filed with the California Attorney General’s Office.
What is not publicly disclosed at this time is how the cybercriminals first compromised Regal’s IT infrastructure and the ransomware groups that may have been involved in the attack.
Some ransomware groups have emphasized staying away from attacks against the healthcare industry. One exception is the Hive ransomware group. recently suspended After its website was forcibly shut down by an international crime-fighting agency, it revealed that they helped hundreds of victims decrypt their data for free.
Anyone who may be at risk of having their personal data exposed as a result of an attack should carefully monitor their account statements and credit bureau reports to avoid potential fraudsters who have misused the data. It is wise to be careful when contacted by more plausible.
