Palomar Health has filed a data breach with the California Attorney General’s Office, potentially affecting worsening Palomar’s financial situation and affecting patients.
What happened
On June 21st, Palomar Health, a medical group serving San Diego and surrounding communities, released a letter to patients detailing a security breach.
The letter was sent to those who had received care at Palomar Continuing Care Center in Escondido or The Villas at Poway between 2001 and 2020.
Palomar wrote that their vendor, PharMerica, had notified Palomar that an unknown third party had accessed PharMerica’s systems and potentially obtained personal patient information. Through an investigation on March 13th, 2023, PharMerica determined that their computers had been accessed between March 12th and March 13th, 2023.
Information obtained includes names, dates of birth, Social Security numbers, addresses, health insurance information, and medication information. Palomar also conducted their own investigation into the issue and suggested that California’s Department of Public Health may conduct a separate investigation.
To help protect patients, PharMerica is providing credit and identity theft monitoring services to those who may have been affected.
Why it matters
In May 2023, PharMerica announced its data breach, estimated to affect nearly 6 million individuals. Money Message, a ransomware group, took credit for the attack and a breach of PharMerica’s parent company, BrightSpring Health Services.
After PharMerica notified health organizations like Palomar, these medical groups conducted their own investigation, leading to delays in direct contact between Palomar and their patients on the issue. It’s unclear when PharMerica initially contacted Palomar regarding the breach.
The massive data breach occurred just days after the MCNA incident, which affected nearly 9 million individuals in the United States. MCNA’s attack was attributed to LockBit and showcases the continued evolution of ransomware attacks on healthcare organizations.
As of June 26th, the data breach lawyers at Console & Associates, P.C. announced they would pursue their own investigation and encouraged affected individuals to contact their offices.
Read more:
Going deeper
The data breach isn’t the only issue Palomar Health is handling this year. According to a local news source in San Diego, Palomar has been struggling financially and will likely face further repercussions following the leak.
Palomar released a report from their financial committee, stating the health company is facing $585 million in debt. A June report further showed that their income has decreased from approximately $42 million in 2022 to a projected 9 million in 2023.
Cybersecurity failures can also result in unexpected expenses for hospitals, especially if operations become delayed at any point or if they have to update their security protocols. Following the pandemic, many hospitals are still reeling from the loss of workers and other COVID-related financial impacts.
Related: Rural Illinois hospitals set to close after ransomware attack
The bottom line
The situation with Palomar continues to evolve, and it’s likely that the impact of the PharMerica breach and its subsequent effect on Palomar will be clearer in the coming months.
In the meantime, it’s worth noting the spike in cyberattacks against healthcare companies. Organizations often do everything they can to prevent a breach, but many attacks could have been resolved sooner or even prevented had proper strategies been implemented.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.