As cyber threats continue to escalate, healthcare organizations across the United States are dealing with a wave of cyberattacks, raising concerns about the security of patient data. From potential breaches to ransomware attacks, medical groups and insurance companies face challenges in safeguarding sensitive information, prompting urgent investigations and enhanced security measures to mitigate the risks.
In early May 2024, Palomar Health Medical Group, a leading primary and specialty care provider in North San Diego County, California, detected suspicious activity within its computer network. The organization immediately took affected systems offline to contain any potential malware, triggering an investigation by third-party cybersecurity experts.
As a result of the breach response processes, the patient portal, phones, and faxes were temporarily unavailable, so patients had to visit their physicians in person and expect delays due to the disruption. While the investigation is ongoing, it remains unclear whether patient data has been compromised. Notably, the incident is confined to Palomar Health Medical Group, with the broader Palomar Health Healthcare District, including its medical centers, remaining unaffected.
Across the country, the Prudential Insurance Company of America, a renowned financial services provider, recently reported a breach of personal and protected health information belonging to 36,092 individuals. The incident, first disclosed in a Securities and Exchange Commission (SEC) filing in February, was the result of a ransomware attack that occurred on February 4 and was identified the following day.
Third-party cybersecurity specialists assisted Prudential in the investigation, determining that a small percentage of files had been exfiltrated from the company's network. The compromised data included names, addresses, driver's license numbers, and non-driver identification numbers. Prudential has confirmed that the threat actor no longer has access to the network and has implemented enhanced access controls, security protocols, and additional monitoring technologies.
The affected individuals have been notified by mail and offered complimentary credit monitoring and identity theft protection services. The BlackCat ransomware group, known for its involvement in the attack on Change Healthcare, has claimed responsibility for the Prudential incident.
In Savannah, Georgia, the Georgia Institute for Plastic Surgery has also fallen victim to a cyberattack, notifying 8,111 current and former patients that their protected health information may have been stolen. The intrusion was detected on or around February 22, 2024, and a third-party cybersecurity firm confirmed that a remote desktop was used to access a network server on December 30, 2023.
The compromised server contained sensitive patient data, including full names, addresses, dates of birth, phone numbers, diagnosis codes, procedure codes, and patient account numbers. Individual notification letters were mailed to the affected individuals on April 24, 2024, providing guidance on steps they can take to mitigate the risk of misuse of their information.
Moving to the Pacific Northwest, West Idaho Orthopedics and Sports Medicine, which operates orthopedic clinics in Meridian, Caldwell, and Fruitland, Idaho, has announced that it fell victim to a ransomware attack in March 2024. The intrusion was detected on March 15, 2024, and the organization's systems were secured to prevent further unauthorized access.
The internal investigation confirmed that the attackers had exfiltrated files from the network prior to deploying the ransomware, potentially exposing the personal and medical information of up to 5,000 patients. The compromised data included names, dates of birth, addresses, telephone numbers, email addresses, health information, and insurance information.
West Idaho Orthopedics and Sports Medicine has reported the incident to law enforcement and regulators, and the affected individuals are being notified by mail. The organization has also taken steps to enhance its security measures to prevent similar incidents in the future.
The recent spate of cyberattacks on healthcare facilities across California, Georgia, and Idaho shows the industry's growing vulnerabilities. As healthcare organizations increasingly rely on technology to streamline operations and improve patient care, they have become attractive targets for cybercriminals.
The sensitive nature of the data held by these organizations, including personally identifiable information (PII) and protected health information (PHI), makes them particularly valuable to attackers. Ransomware, data breaches, and other sophisticated cyber threats can disrupt core services and lead to the exposure of confidential patient records, resulting in major financial and reputational consequences.