A number of Californian healthcare providers have recently fallen victim to a spate of ransomware attacks. The attacks targeted data within the Heritage Provider Network which includes Regal Medical Group, Lakeside Medical Organization, Greater Covina Medical, and the ADOC Medical Group. These organizations had collectively issued a notice of data breach at the beginning of February 2023. The notice concerned a data breach that had occurred on December 1, 2022, and was discovered the next day. That’s fast!
In its most recent announcement, Regal Medical Group revealed that the sensitive data of over In its most recent announcement, Heritage Provider Network revealed to the U.S. Department of Health and Human Services that the sensitive data of over 3.3 million patients had been stolen. The information included the patient's full name and social security number, date of birth and physical address, contact details, as well as sensitive medical information on diagnoses and treatment.
The organization also advised those who had been affected that they were eligible for one fully-paid year of Norton LifeLock credit monitoring. If that includes you, take advantage of this benefit. Just keep in mind it will not prevent someone from using your data to commit identity theft or fraud. They will alert you if someone does attempt to use your information to apply for credit.
These ransomware attacks were not the only recent ones to affect the healthcare sector. In mid-January 2023, Sharp Healthcare in California also suffered a malware attack that saw the records of nearly 33,000 patients stolen (although Sharp was quick to point out that the information at their “FollowMyHealth” portal was not compromised). The information contained in these records was much the same as that stolen in the Heritage Provider Network incident.
In all cases, patients should be vigilant for possible phishing attacks, scams, and social engineering activities. Should you come across a targeted phishing attempt, report it to the healthcare organization. If they know what sort of phishing is occurring, they may be able to help prevent patients from falling for it. Also, be sure to check your benefits statements to confirm the services listed on them were provided for you. If you are unsure, contact your healthcare provider and report fraud to your health insurance provider.
In addition, check your credit report for potential incorrect information. If anything looks incorrect, report it to the credit agencies. Consider freezing your credit if you don’t need to access it any time soon. It’s free to freeze and unfreeze it.
All healthcare providers in these cases have committed to strengthening their security measures, which becoming increasingly urgent given the trend of threat actors targeting healthcare service providers. The providers will also be implementing stricter protocols to prevent similar breaches of patient confidentiality.