DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Centrelake Medical Group notifies patients after virus investigation reveals earlier intrusion and suspicious activity

Posted on April 17, 2019 by Dissent

Updated April 25:  This incident was reported to HHS as impacting 197,661 patients.

Original post:

Here’s their press release. The release does not explain how the attacker(s) first gained access to certain servers in January. Was the  infection intended to cover up the earlier activity? It’s not clear to me. Nor does the press release indicate how many patients are being notified.  Update:  HealthData Management subsequently reported that executives at Centrelake say that the virus was not ransomware, but did deny them access to data.


April 16, 2019 /PRNewswire/ — Centrelake Medical Group, Inc. (“Centrelake”) is taking action after it recently became aware that there was an incident in which an unknown third party may have gained access to the data in its practice. Although there is no indication of actual or attempted misuse of patient information, Centrelake is notifying patients whose records may have been subject to unauthorized access and providing these patients with information and resources that can be used to better protect against the possibility of identity theft or fraud if they feel it is appropriate to do so.

Centrelake takes this incident, and patient privacy, very seriously, and is taking steps to help prevent another incident of this kind from happening by continuing to review its processes, policies, and procedures that address data privacy.

To better assist those who may potentially have been affected by this event, Centrelake has established a toll-free privacy line staffed with individuals familiar with this incident and how to better protect against the possibility of identity theft and fraud, and you can direct all questions and concerns to this line by calling 1-866-736-0792 between 8:00 a.m. and 5:30 p.m. PDT, Monday through Friday, excluding major holidays.

What Happened

On February 19, 2019, Centrelake discovered its information system had been infected with a virus that prohibited its access to its files.  Centrelake immediately worked to restore its information system and launched an investigation, with the assistance of third-party forensics, to determine the nature and scope of the incident.  As part of Centrelake’s ongoing investigation, it determined this virus was introduced by an unknown third-party that had access to certain servers on its information system which contain personal and protected health information relating to current and former Centrelake patients. After a review of available forensic evidence, Centrelake determined that suspicious activity began on its network on January 9, 2019, lasting until the virus infection on February 19, 2019.

Information Affected

While the investigation is ongoing, and there is no evidence the unknown third-party viewed or took patient information stored on the systems, it has been confirmed that the impacted servers housed files and software applications containing information which may include patients’ names, addresses, phone numbers, Social Security numbers, services performed and diagnosis information, driver’s license information, health insurance information, referring provider information, medical record number, and dates of service.

Notification

Centrelake is providing notification to impacted patients and business partners and providing notification to required regulators about this incident.

Fraud Prevention Tips

Centrelake encourages affected individuals to remain vigilant against incidents of identity theft and fraud and to seek to protect against possible identity theft or other financial loss by regularly reviewing their financial account statements, credit reports, and explanations of benefits for suspicious activity. Anyone with questions regarding how to best protect themselves from potential harm resulting from this incident, including how to receive a free copy of one’s credit report, and place a fraud alert or security freeze on one’s credit file, is encouraged to call 1-866-736-0792 between 8:00 a.m. and 5:30 p.m. PDT, Monday through Friday, excluding major holidays.

SOURCE Centrelake Medical Group, Inc.

No related posts.

Category: Health DataMalware

Post navigation

← Accounting firm notifies clients affected by Citrix Shareful incident
Klaussner Furniture Notified More than 9,000 Employees and Their Dependents of a Data Security Incident Involving Health Plan Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.