DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Four more attacks on the healthcare sector, weekend edition

Posted on February 4, 2023 by Dissent

UPDATE of Feb. 10, 2023:  Regal Medical Group notified HHS that their incident impacted 3,300,638 patients.

Original Post:

It may be the weekend, but there’s no rest for the weary when it comes to tracking attacks on the healthcare sector.  Here are four more incidents you may not have heard about already:

Cardiovascular Associates

Cardiovascular Associates (“CVA”) is notifying some of their patients seen at their Alabama locations about a hacking incident discovered on December 5, 2022. Their investigation determined that an unauthorized third party was able to both access and exfiltrate some data from the network between November 28, 2022 and December 5, 2022. CVA’s notification is totally silent on whether this incident involved any ransomware or ransom demand(s).

The personal information involved in this incident may have included one or more of the following elements:

  1. demographic information to identify and contact the patient, such as full name, date of birth, and address;
  2. Social Security number;
  3. health insurance information, such as name of insurer/government payor and member ID, policy and/or group number;
  4. medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests and imaging;
  5. billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information;
  6. passport and driver’s license number;
  7. credit and debit card information; and
  8. financial account information.

CVA notes that not all data elements were involved for all individuals.

You can read their notification to the California Attorney General’s Office and a companion FAQ about the incident. The incident is not yet up on HHS’s public breach tool so we do not know the number of patients affected.

Regal Medical Group

Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical (collectively, “Regal”) have been notifying patients about a breach that resulted from a ransomware attack.

In their notification of February 1, Regal writes that they first became aware of the December 1 breach on December 8, 2022. On December 2, they noticed difficulty accessing some servers and discovered malware on some servers. That malware resulted in access to and exfiltration of some data.

Personal information that may have been affected included

name, social security number (for certain, but not all, potentially impacted individuals), date of birth,
address, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone number.

Regal’s notification to the California Attorney General’s Office does not identify the type of ransomware, whether they received a ransom demand, and whether they paid ransom, but as of publication, none of the Regal Group entities have shown up on any dark web leak site operated by various ransomware gangs.

The incident has not yet been posted to HHS’s public breach tool, so we do not yet know the total number of patients affected.

Southeast Colorado Hospital District

On December 6, Southeast Colorado Hospital District (“SECHD”) became aware of suspicious activity involving the email account of one SECHD employee. An investigation determined that an unauthorized third party had gained access to the email account at various times between November 23 and December 5.

Review of the employee’s email account revealed some individuals’ personal information that may have included:

name, Social Security number, driver’s license number, date of birth, medical treatment or diagnosis information, and/or health insurance information.

Written letters were mailed to those affected on February 3. You can read a copy of their notification on their website.

SECHD also submitted a notification to the Montana Attorney General’s Office, but it seems that through a clerical error, that office uploaded the wrong notification.

This incident does not appear on HHS’s breach tool at time of publication. Whether it will appear or not may depend on whether that email account had information on more than 500 patients.

Jackson & Joyce Family Dentistry

Of the four incidents in this post, the Jackson & Joyce Family Dentistry is the only one for which we do not have any notification or even acknowledgment from the entity.

The Ocala, Florida dental practice was added to LockBit 3.0’s leak site on February 3 with several screenshots as proof of claims. Finding no notice on the dental group’s website or social media account, DataBreaches sent an email inquiry about the claimed attack. There has been no reply. Although the screenshots appear convincing, this incident is treated as unconfirmed at this point.

 

Category: Breach IncidentsHackHealth DataMalwareU.S.

Post navigation

← Taiwan car rental platform iRent plans compensation for data leak victims
The FBI tried in vain: The Russian case against REvil turned out to be insignificant →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.