Ransomware attackers steal over 3 million sufferers’ medical information

A ransomware assault has once more put the non-public info of harmless events in danger after it was revealed {that a} knowledge breach has probably uncovered the medical information of greater than three million folks.

The Californian-based Regal Medical Group says that it suffered a knowledge breach in December 2022, after malicious hackers accessed info from itself and its associates Affiliated Medical doctors of Orange County (ADOC) Medical Group, Larger Covina Medical, and Lakeside Medical Group.

In a notice posted on its website, Regal described how its staff had first skilled issues accessing its servers on December 2, 2022, and after additional investigation decided that malware had been planted on its servers and knowledge exfiltrated.

Knowledge stolen throughout the assault included:

  • purchasers’ names
  • social safety numbers
  • addresses
  • dates of start
  • telephone numbers
  • diagnoses and coverings
  • lab check outcomes
  • prescription knowledge
  • radiology reviews
  • well being plan membership numbers

It’s believed that 3.3 million folks’s medical information have been stolen.

Regal Medical Group says it’s taking steps to contact people who could have been impacted by the breach, and is providing one yr’s complimentary credit score monitoring from Norton LifeLock (which, paradoxically, suffered its own security scare final month).

An instance of the letter being sent to affected individuals has been filed with the California Legal professional Common’s workplace.

What hasn’t been made public at this level is how the cybercriminals may need made their preliminary entry into Regal’s IT infrastructure, and which ransomware group may need been chargeable for the assault.

Some ransomware teams have made a degree of distancing themselves from assaults towards the healthcare business.  One exception is the Hive ransomware group whose actions had been disrupted recently after its web sites had been forcibly shut down by worldwide crime-fighting companies who revealed that that they had helped a whole lot of victims decrypt their knowledge without spending a dime.

Anybody who’s probably in danger because of the assault exposing their private knowledge could be clever to maintain an in depth eye on their account statements and credit score bureau reviews, in addition to take care if contacted by fraudsters who is perhaps exploiting the info to look extra believable.