Ransomware hackers are getting more active.
Multiple medical groups in the Heritage Provider Network in California recently revealed that they had suffered a ransomware attack that exposed patients' personal information to cybercriminals.
Many of the affected medical groups under the network have already informed patients of what happened and are assisting wherever possible.
Heritage Provider Network Ransomware Attack Details
Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical revealed that they were hit with a ransomware attack that exposed patients' sensitive information.
According to a sample letter from Regal Medical Group, the cyberattack that collectively affected all four occurred on or about Dec. 1, 2022. However, they only became aware of the breach a week later despite noticing technical difficulties the following day.
The group then hired third-party cybersecurity experts to investigate the technical difficulties, revealing that malware had infected its servers. According to Bleeping Computer, the cybersecurity experts Regal hired determined that the organization's system needs to undergo a restoration process to remove the malware in question.
Based on the cybersecurity experts' findings, they determined that the hackers now know patients' full names, social security numbers (SSN), dates of birth, and addresses. They also made away with patients' Medical diagnoses and treatment, laboratory test results, prescription data, and radiology reports.
Last but not least, the hackers managed to steal their health plan member numbers and phone numbers.
Breach Portal of the U.S. Department of Health and Human Services Office for Civil Rights, exposed the personal information of 3,300,638 patients to the hackers, meaning that these people are now at risk of being targeted by criminals and cybercriminals alike if the affected multiple groups don't pay a ransom to prevent them from leaking.
You may be aware that Ransomware hackers often steal personal data to create further leverage when extorting healthcare organizations due to the data's sensitive nature.
What Are The Medical Groups Doing Now?
All four of them have collectively issued a notice of data breach at the start of the month and shared a sample letter with California's Attorney General's office earlier this week.
Additionally, Regal mentioned that it would cover patients' enrolment costs for a one-year subscription to Norton LifeLock. Interestingly, it also included instructions on how to subscribe to the cybersecurity service in its letter.
Furthermore, it added additional computer security protections and protocols to ensure that patients' personal information is protected from unauthorized access.
Regal also advised that patients can contact local law enforcement to file a police report should they suspect their personal information is being misused. Alternatively, they could also contact the Federal Trade Commission or review the information on identity theft the agency promulgated.
The patients should be on the lookout for fraud, spear phishing attempts, tracking, and even unwanted contact at their homes since the hackers managed to steal their full names, addresses, and phone numbers.
Related Article : Canadian Bookstore Indigo Suffers Cyberattack; Shuts Down Website