"3.3 Million Impacted by Ransomware Attack at California Healthcare Provider"

The personally identifiable information (PII) and protected health information (PHI) of more than 3.3 million individuals were recently stolen in a ransomware attack at California healthcare provider Regal Medical Group.  The incident occurred on December 1, 2022, and impacted the Regal Medical Group and affiliates Lakeside Medical Organization, Affiliated Doctors of Orange County, and Greater Covina Medical Group.  On February 1, Regal started sending breach notification letters to the impacted individuals, informing them that their data had been compromised in the incident.  Regal noted that affected PII and PHI include names, addresses, birth dates, phone numbers, Social Security numbers, diagnosis and treatment information, health plan member numbers, laboratory test results, prescription details, and radiology reports.  The company stated that on Friday, December 2, 2022, they had difficulty accessing some of their servers.  After extensive review, the malware was detected on some of their servers, which they later learned resulted in the threat actor accessing and exfiltrating certain data from their systems.  Regal did not reveal what type of ransomware was used during the cyberattack and whether a ransom was paid.
 

SecurityWeek reports: "3.3 Million Impacted by Ransomware Attack at California Healthcare Provider"