History
2023: Over 3 million people leak personal and protected health information
On February 14, 2023, it became known that a ransomware attack on Regal Medical Group, a California health care provider, stole the personal and protected medical information of more than 3.3 million people.
The incident took place on December 1, 2022, but was only discovered a week later. In addition to the Regal Medical Group, the medical organization Lakeside and the Greater Covina Medical Group are affected.
On February 1, 2023, Regal Medical Group began sending letters of informing notifications addressed to the affected persons. In the letters, the company told people their personal data had been compromised in a cybersecurity incident.
Those affected data include full names, registration addresses, dates of birth, phone numbers, social numbers, insurance information diagnosis and treatment, health plan participant numbers, laboratory test results, prescription details, and radiology reports. The list is quite extensive.
On December 2, 2022, we noticed difficulties accessing some of our servers. After careful verification, malware was found on some servers, which, as we later learned, led to the fact that attackers gained access to certain data and unloaded it from our internal systems, the Regal Medical Group said in a notification letter. |
On February 1, the company informed the Ministry health care and Social Services USA of this incident, and also said that the data of more than 3.3 million people had been compromised.
The health care provider did not disclose the type of ransomware used in the cyberattack or whether the ransom was paid to cybercriminals. The notification letter mentions that the company worked with specialists to restore access to affected systems. This suggests that instead of paying the ransom, the company decided to simply restore the backups.
According to a report by Emsisoft, more than 200 government, educational and medical organizations in the United States were victims of ransomware attacks in 2022. As you can see, attackers care little about the ethical side of the issue when it comes to their earnings. However, ransomware revenues continue to fall. It is possible that this trend will be relevant and in 2023[1]