California medical group discloses ransomware attack, more than 3 million affected

A medical group based in southern California said it was hit with a ransomware attack that has potentially exposed the private health information of patients.

Regal Medical Group posted the information on its website Friday. More than 3.3 million individuals may be affected, according to a filing with the U.S. Department of Health & Human Services’ Office of Civil Rights. Healthcare organizations are required to report any data breach affecting at least 500 people to the federal government.

• Read more: The 11 largest health data breaches of 2022

Regal said the breach, which it said originated from a “ransomware cyberattack” occurred on or about Dec. 1.

The breach may have exposed information from Regal and its affiliates: ​​Lakeside Medical Organization, Affiliated Doctors of Orange County and Greater Covina Medical Group.

“On Friday, December 2, 2022, Regal employees noticed difficulty in accessing some of our servers,” Regal said in a post on its site. “After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data.”

“We hired third-party vendors experienced in this area to assist with our response to the incident. The Regal team worked with the vendors to efficiently restore access to our systems and to analyze the impacted data,” the medical group said.

Patient information that could have been exposed includes names, Social Security numbers, dates of birth, phone numbers, diagnosis and treatment information, health plan member numbers, prescriptions and lab results, Regal said.

The medical group said it is bolstering security protocols, and is offering free credit monitoring to patients for one year. Patients with Regal can call the medical group at 866-918-5293.

Scores of hospitals and health systems have been hit with ransomware attacks. Health systems possess a wealth of valuable patient information, and bad actors have learned that hospitals and healthcare organizations will pay ransoms to restore systems, cybersecurity experts say.

More healthcare organizations say they are dealing with ransomware attacks, and they are having an impact on patient care.

In a survey of healthcare IT professionals released by the Ponemon Institute last month, nearly half (47%) said their organizations experienced a ransomware attack in the past two years, up from 43% in 2021. And 45% of respondents reported complications from medical procedures due to ransomware attacks, up from 36% in 2021.

Federal authorities said last month they managed to disrupt the Hive ransomware group, which has targeted hospitals and financial organizations. The FBI managed to penetrate Hive’s systems, recover decryption keys and offered those tools to victims. The FBI’s efforts prevented victims from having to pay $130 million in ransom payments, the U.S. Justice Department said.

Last week, Tallahassee Memorial Healthcare disclosed what it described as an “IT security event,” forcing the organization to take down systems, postpone non-emergency surgeries, and divert some patients. Tallahassee Memorial has not described the incident as a ransomware attack, but it is using paper documentation.

The system said Thursday that it is making progress in restoring some systems and is starting to increase its patient load.

“We are now working toward bringing impacted systems back online,” Tallahassee Memorial said. “As is customary with events of this nature, it will take some time to return to normal operations. While we cannot share a definitive timeline, we are making significant progress and working nonstop to bring systems back online safely as soon as possible.”