
Ransomware attackers steal over 3 million patients' medical records


February 14, 2023


A ransomware attack has again put the personal information of innocent parties at risk after it was revealed that a data breach has potentially exposed the medical records of more than three million people.

The California-based Regal Medical Group says that it suffered a data breach in December 2022, after malicious hackers accessed information belonging to it and its affiliates: Affiliated Doctors of Orange County (ADOC) Medical Group, Greater Covina Medical, and Lakeside Medical Organization.

In a notice posted on its website, Regal described how its employees had first experienced problems accessing its servers on December 2, 2022, and after further investigation determined that malware had been planted on its servers and data exfiltrated.

Data stolen during the attack included:

  • clients' names
  • social security numbers
  • addresses
  • dates of birth
  • phone numbers
  • diagnoses and treatments
  • lab test results
  • prescription data
  • radiology reports
  • health plan membership numbers

It is believed that 3.3 million people's medical records have been stolen.

Regal Medical Group says it is taking steps to contact individuals who may have been impacted by the breach, and is offering one year's complimentary credit monitoring from Norton LifeLock (which, ironically, suffered its own security scare last month).

An example of the letter being sent to affected individuals has been filed with the California Attorney General's office.

What hasn't been made public at this point is how the cybercriminals might have made their initial entry into Regal's IT infrastructure, and which ransomware group might have been responsible for the attack.

Some ransomware groups have made a point of distancing themselves from attacks against the healthcare industry. One exception is the Hive ransomware group, whose activities were disrupted recently after its websites were forcibly shut down by international crime-fighting agencies, who revealed that they had helped hundreds of victims decrypt their data for free.

Anyone who is potentially at risk as a result of the attack exposing their personal data would be wise to keep a close eye on their account statements and credit bureau reports, and to take care if contacted by fraudsters who might be exploiting the data to appear more plausible.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
