DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Four more attacks on the healthcare sector, weekend edition

Posted on February 4, 2023 by Dissent

UPDATE of Feb. 10, 2023:  Regal Medical Group notified HHS that their incident impacted 3,300,638 patients.

Original Post:

It may be the weekend, but there’s no rest for the weary when it comes to tracking attacks on the healthcare sector.  Here are four more incidents you may not have heard about already:

Cardiovascular Associates

Cardiovascular Associates (“CVA”) is notifying some of their patients seen at their Alabama locations about a hacking incident discovered on December 5, 2022. Their investigation determined that an unauthorized third party was able to both access and exfiltrate some data from the network between November 28, 2022 and December 5, 2022. CVA’s notification is totally silent on whether this incident involved any ransomware or ransom demand(s).

The personal information involved in this incident may have included one or more of the following elements:

  1. demographic information to identify and contact the patient, such as full name, date of birth, and address;
  2. Social Security number;
  3. health insurance information, such as name of insurer/government payor and member ID, policy and/or group number;
  4. medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests and imaging;
  5. billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information;
  6. passport and driver’s license number;
  7. credit and debit card information; and
  8. financial account information.

CVA notes that not all data elements were involved for all individuals.

You can read their notification to the California Attorney General’s Office and a companion FAQ about the incident. The incident is not yet up on HHS’s public breach tool so we do not know the number of patients affected.

Regal Medical Group

Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical (collectively, “Regal”) have been notifying patients about a breach that resulted from a ransomware attack.

In their notification of February 1, Regal writes that they first became aware of the December 1 breach on December 8, 2022. On December 2, they noticed difficulty accessing some servers and discovered malware on some servers. That malware resulted in access to and exfiltration of some data.

Personal information that may have been affected included

name, social security number (for certain, but not all, potentially impacted individuals), date of birth,
address, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone number.

Regal’s notification to the California Attorney General’s Office does not identify the type of ransomware, whether they received a ransom demand, and whether they paid ransom, but as of publication, none of the Regal Group entities have shown up on any dark web leak site operated by various ransomware gangs.

The incident has not yet been posted to HHS’s public breach tool, so we do not yet know the total number of patients affected.

Southeast Colorado Hospital District

On December 6, Southeast Colorado Hospital District (“SECHD”) became aware of suspicious activity involving the email account of one SECHD employee. An investigation determined that an unauthorized third party had gained access to the email account at various times between November 23 and December 5.

Review of the employee’s email account revealed some individuals’ personal information that may have included:

name, Social Security number, driver’s license number, date of birth, medical treatment or diagnosis information, and/or health insurance information.

Written letters were mailed to those affected on February 3. You can read a copy of their notification on their website.

SECHD also submitted a notification to the Montana Attorney General’s Office, but it seems that through a clerical error, that office uploaded the wrong notification.

This incident does not appear on HHS’s breach tool at time of publication. Whether it will appear or not may depend on whether that email account had information on more than 500 patients.

Jackson & Joyce Family Dentistry

Of the four incidents in this post, the Jackson & Joyce Family Dentistry is the only one for which we do not have any notification or even acknowledgment from the entity.

The Ocala, Florida dental practice was added to LockBit 3.0’s leak site on February 3 with several screenshots as proof of claims. Finding no notice on the dental group’s website or social media account, DataBreaches sent an email inquiry about the claimed attack. There has been no reply. Although the screenshots appear convincing, this incident is treated as unconfirmed at this point.

 

Related posts:

  • The Ransomware Superhero of Normal, Illinois
Category: Breach IncidentsHackHealth DataMalwareU.S.

Post navigation

← Taiwan car rental platform iRent plans compensation for data leak victims
The FBI tried in vain: The Russian case against REvil turned out to be insignificant →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.