Medical companies in California and Arizona leak patients’ data after ransomware attack

Patients of two major health care companies were notified of a security incident that resulted in improper access to confidential records. According to the report, the leaked records include full names, social security numbers, medical diagnoses and other confidential details of thousands of patients.

The companies affected are LifeLong Medical Care, based in California, and Desert Wells Family Medicine, in Arizona.

In recent days, LifeLong Medical Care issued a notification addressed to about 115,000 users to inform them about a ransomware attack detected late last year. Although the company’s notification gives no details about the hacking group behind the attack, it has been confirmed that the incident was detected by Netgain, a network service provider.

The investigation into the incident was delayed until August 9, when the company concluded that the attack involved access to confidential records of its customers. LifeLong Medical Care is offering affected users a subscription to a credit monitoring service and is asking them to stay alert to any attack attempts stemming from the incident.

Meanwhile, Desert Wells Family Medicine sent a similar notification to 35,000 patients, confirming that it was also the victim of a ransomware attack that leaked confidential information.

This company discovered the attack last May, at which point it activated its internal protocol for responding to security incidents and notified the corresponding authorities. In its notification, Desert Wells mentions that the attacking group “corrupted the data and health records of patients registered before May 21, 2021.” The company’s security teams were unable to retrieve the logs and their corresponding backups.

Desert Wells mentions that its electronic registration system is still being restored. The company is also offering its affected patients a credit monitoring service and protection against identity fraud.

At the moment, it is unknown whether any of these incidents compromised the regular operations of the affected health centers.

For a couple of years now, ransomware groups have counted healthcare organizations among their main targets, which can be especially critical in the context of the COVID-19 pandemic. While not all of these incidents lead to disruptions in health services, you never know how far threat actors are willing to go.
