Community Medical Centers, Inc. (“CMC”) is a non-profit community health center serving San Joaquin, Solano, and Yolo counties in Northern California.
On October 10, 2021, they shut down many of their systems after detecting unusual activity on the network. In their notification to California’s Attorney General, they reported that they found evidence that indicated unauthorized access to the network.
CMC’s notification does not state that this was a ransomware incident. They do not mention any ransom note at all, but protected health information was involved: first and last name, mailing address, Social Security number, date of birth, demographic information, and medical information maintained by CMC.
As of October 26, they began notifying 656,047 patients. Their notification letters also include an offer to enroll in free credit monitoring and identity theft protection services through Kroll.
As of today, however, a notice on the home page of their web site states:
** Our communications are down but our clinic sites remain open during regular hours. **
This continues to sound/read like a ransomware incident, but it has not shown up on leak site. There are a few groups that don’t hesitate to hit medical centers like CMC, and DataBreaches.net will continue to monitor those sites to see if CMC is ever listed (or has data dumped).