Over 3 million patient records breached in California health network ransomware attack

The California health network, Heritage Provider Network, suffered a massive data breach in December exposing the personal health information (PHI) of 3.3 million patients.

The Heritage Provider Network (HPN), one of the largest private healthcare networks in the US, fell victim to a ransomware attack this past December, exposing the private medical records of over 3 million people.

The southern California based healthcare network sent out a data breach notification letter to all affected patients on February 1.

“At this time, based on the third-party vendors’ review, we believe that your personal information may have been impacted in the incident,” the letter stated.

Besides basic personally identifiable information (PII) such as name, date of birth, address, and phone number, HPN stated more sensitive data, such as patient diagnosis and treatment, laboratory test results, prescription data, radiology reports, and health plan member number, could also have been exfiltrated during the attack.

HPN said they became aware of the breach on December 8, 2022, after having trouble accessing some network servers five days earlier.

“After extensive review, malware was detected on some of our servers, which we later learned resulted in the threat actor accessing and exfiltrating certain data from our systems,” HPN stated.

The breach involved four specific healthcare groups; Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical. All operate under the Heritage umbrella network.

Upon learning of the breach, HPN stated they hired outside cybersecurity experts to restore access to the systems and analyze the impacted data.

It is not clear if a ransom was paid.

It is also unclear why only four of the nine medical groups under the network were breached.

The US Department of Health and Human Services, the California Attorney General and local law enforcement were notified about the attack.

Earlier this week, a Florida hospital was forced to cancel all-non emergency surgeries and send patients to other area hospitals after a suspected ransomware attack shut down its IT network.

Five days later they are still recovering.

The number of ransomware attacks on hospitals has doubled since 2021, according to the recent Sophos report, The State of Ransomware in Healthcare 2022.

That means nearly two thirds of healthcare entities have been hit by a ransomware attack in the past year.

Hospitals are an attractive target for ransomware groups looking to make a quick buck.

Security experts say healthcare data can be extremely valuable, affecting the lives of patients in some cases, and the hackers know this.