A ransomware attack on several medical groups in California’s Heritage Provider Network exposed sensitive patient data to attackers.

Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical are the medical groups affected by the incident.

The organizations jointly released a notice of data breach at the beginning of the month, and earlier this week they provided the California Attorney General’s office with a template letter.

The healthcare group disclosed today on the U.S. Department of Health and Human Services breach portal that 3,300,638 patients’ records were compromised in the attack.

Sensitive data were stolen in an attack

The ransomware attack allegedly occurred on December 1, 2022. According to the data breach notification, Regal’s staff noticed technical issues the following day.

After the organization enlisted a third-party cybersecurity expert to assist with the investigation, it was discovered that malware had attacked its servers. Consequently, a system restoration process was started.

After the logs were examined, the inquiry found that the following information had been compromised: full name, SSN, date of birth, address, medical diagnosis and treatment, laboratory test results, prescription information, radiology reports, health plan member number, and phone number.

Taking advantage of the very sensitive nature of medical data, ransomware criminals steal this information to gain more leverage when extorting healthcare businesses.

Instructions for signing up for a year of free credit monitoring through Norton LifeLock are included in Regal’s notification.

The alert states, “Regal recognizes the value of protecting your personal information and takes that obligation very seriously.”

We will try to help anyone whose personally identifiable information might have been compromised navigate the situation.

The medical facility claims to have added more security safeguards and more stringent standards to stop such occurrences and protect private patient data from unwanted access.

Affected patients should watch out for targeted phishing attempts, scams, social engineering, or data extortion.

If you are unsure whether an email or text is genuine, disregard it or get in touch with your doctor to find out.