A targeted ransomware attack has once again endangered the personal information of data subjects, after a massive data breach potentially exposed the health records of over three million people.

The Regal Medical Group, based in California in the United States, disclosed that it had suffered a devastating data breach back in December last year, after threat operators accessed private information from both itself and many of its affiliates. These included the Lakeside Medical Organisation and the Affiliated Doctors of Orange County Medical Group.

Disclosure of a data leak

In a recent data breach notice posted on its official website, the Regal Medical Group described how some of its personnel had initially experienced issues accessing its dedicated servers last year on December 2. Following further investigation, the healthcare organisation determined that malicious software had been embedded in its servers and that private patient health data had been exfiltrated during the attack.

The patient data stolen in the attack included the full names of clients and their social security numbers, postal addresses, telephone numbers and dates of birth. It also included their professional diagnoses and the treatments prescribed to them. Prescription data, lab test results and radiology reports were taken, along with the membership numbers of health plan patients.

In total, the results of the breach investigation indicated that 3.3 million patients’ medical records were stolen by the threat operators.

As a result of the breach, multiple class action lawsuits are now being filed against Regal Medical Group, which means that the costs of not protecting against an attack are rising even more. One of the main points common to the lawsuits is that so much sensitive data was left unprotected, despite the healthcare organisation knowing about the prevalence of data breaches and that the healthcare industry is a big target for threat operators. This breach could have easily been mitigated if sufficient measures had been taken to encrypt data, which would leave it useless in the hands of cyber thieves, protecting patients’ sensitive information and preventing what could be millions in costs and fines.

Steps taken following the breach

According to a statement from the Regal Medical Group, it is now taking the necessary steps to inform individuals who might have been affected by the data breach. In support, it is providing impacted patients with a year’s worth of credit monitoring free of charge from Norton LifeLock.

The healthcare provider has filed an example of the customer data breach letter that was sent to individuals impacted by the breach with the Attorney General’s office of California. At present it remains unclear how the threat operators behind the assault on Regal were able to gain initial access to the group’s IT infrastructure. Furthermore, the attack on the healthcare provider has not yet been attributed to a specific ransomware gang, and no threat actors have come forward to claim responsibility for the attack.

In recent years, many ransomware gangs have made a specific point of keeping their distance from hits on the healthcare sector. However, a notable exception is the notorious Hive ransomware group, whose infamous activities were recently disrupted after their malicious websites were shut down forcibly by cooperating crime-fighting agencies around the world.

Any patients who are potentially under threat because of the ransomware attack exposing their personally identifiable information (PII) are advised to keep a watchful eye on their credit reports and bank account statements. They should also be mindful of emails, text messages and phone calls regarding their healthcare and health, as attackers may use the stolen data to make what are, in reality, dangerous spear phishing attacks seem like legitimate communications. On receiving such a phone call, email or SMS, patients should report the incident to their provider and the authorities.

Protecting data should always be a priority

Using state-of-the-art encryption to secure data is an easy way of guaranteeing that it stays safe even if a network is breached. Here at Galaxkey we’ve created an incredibly easy-to-use but also robust platform that allows organisations of any size to encrypt their data. You can see it for yourself in a quick and informative 30-minute demo.