California-based Heritage Provider Network was hit with a ransomware attack exposing the private medical records of 3.3 million patients.
The Heritage Provider Network (HPN), one of the largest private healthcare networks in the U.S., suffered from a ransomware attack this past December, Cybernews reports.
The network sent out a data breach notification letter to all affected patients earlier in February.
"At this time, based on the third-party vendors' review, we believe that your personal information may have been impacted in the incident," the notification says.
HPN notified patients that impacted personal information may include their name, date of birth, address, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone number. Some patients may also have their social security number breached.
The attack affected four groups operating under the Heritage umbrella network: Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical.
The company says it has notified law enforcement and the U.S. Department of Health and Human Services of this incident. The network will also cover the cost for one year for affected patients to receive credit monitoring from Norton LifeLock.
Ransomware is malware designed to encrypt a user's or organization's access to files on their computer. The attacker then demands ransom payment for the decryption key.
Some 66% of healthcare organizations worldwide were hit by ransomware attacks in 2021, according to a report by Sophos, the U.K.-based security software and hardware company.
- Regal Medical Group. Re: Notice of Data Breach.
- Cybernews. Over 3 million patient records breached in California health network ransomware attack.
- Sophos. The State of Ransomware in Healthcare 2022.
- National Library of Medicine. Healthcare Data Breaches: Insights and Implications.