California Health Network Discloses Massive Data Breach
In one of the most significant medical data breaches in California’s recent history, Heritage Provider Network (HPN) was targeted by a ransomware attack, exposing the sensitive data of more than 3 million patients. Among the largest private healthcare networks in the United States, HPN confirmed the cyberattack occurred on December 1, 2022.
The South California healthcare service network sent out a data breach notice on February 1, informing patients that their “personal information may have been impacted in the incident”. The data breach came to light after Regal Medical Group employees, a subsidiary of HPN, faced issues accessing the servers. Regal stated that “after extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data.”
Based on the preliminary findings of third-party security vendors, the leaked patient data may include information such as names, social security numbers, addresses, and date of birth. Sensitive health information such as diagnosis and treatments, lab test results, prescription information, radiology reports, and health plan membership numbers, may also have been attained by hackers.
The firm reported to the U.S. Department of Health and Human that the personal information of 3,300,638 patients was compromised in the ransomware attack. The subsidiaries of HPN affected by the breach are Regal Medical Group, ADOC Medical Group, Greater Covina Medical, and Lakeside Medical Organization.
In an official statement to the patients, Regal Medical Group said it was “taking steps to notify potentially impacted individuals of this breach to ensure transparency”. The health network company will provide a free annual subscription to Norton LifeLock, which offers identity theft protection and credit monitoring to all those affected. They also implemented “additional computer security protections and protocols to ensure that your personal information is protected from unauthorized access”.
The U.S. healthcare industry faces a major data security crisis. According to Reuters, data breaches commonly result from illegitimate access by healthcare employees, technical issues related to third-party vendors, and malicious cyberattacks by hackers.