Ransomware Attack on California Healthcare Provider Impacts 3.3 Million

Date:

February 23, 2023

World map

Overview

Title

Ransomware Attack on California Healthcare Provider Impacts 3.3 Million

Victim

Regal Medical Group

Attacker

Unknown

Location

Temecula, USA

Temecula, California

Size of Attack

Unknown/TBD

First Reported

February 23, 2023

Last Updated

October 31, 2022

A ransomware attack against California healthcare provider Regal Medical Group potentially exposed the personally identifiable (PII) and protected health information (PHI) of more than 3.3 million patients.

The attack took place in December and affected the systems at the Regal Medical Group and affiliates Lakeside Medical Organization, Affiliated Doctors of Orange County and the Greater Covina Medical Group.

“Affected PII and PHI includes names, addresses, birth dates, phone numbers, Social Security numbers, diagnosis and treatment information, health plan member numbers, laboratory test results, prescription details, and radiology reports,” according to SecurityWeek.

Takeaway: Ransomware attacks are the biggest threat facing organizations today, and healthcare providers have been hit particularly hard. Criminal ransomware groups know that the impact of an attack against healthcare organizations doesn’t just disrupt everyday business, it directly affects the lives of their patients, which puts tremendous pressure on the targeted provider to pay up for swift recovery.

The threat from ransomware is very real, and the fact that nation-state sponsored or directed operators are getting more active in conducting ransomware attacks is concerning. Last year CISA's Shields Up advised organizations to remain vigilant with respect to an increased risk from ransomware and destructive data attacks as a result of the Russian invasion of Ukraine and likelihood that ransomware attacks against Western targets are likely to escalate. As well, a joint alert was just issued (PDF) from CISA, the FBI, NSA, HHS, and several South Korean law enforcement agencies to be wary of ransomware attacks coming from North Korea targeting healthcare providers.

Criminal elements have significantly advanced their ability to quietly infiltrate large portions of a target's network in order to demand a higher ransom payout and exfiltrate sensitive data to be used as additional leverage to get the victims to pay. This is a big-money game, and we continue to see healthcare and other critical infrastructure providers be a favorite target given they typically have the least amount of resources to dedicate to securing these sensitive systems.

healthcare providers have been hit particularly hard. Criminal Ransomware attacks against healthcare organizations don’t just disrupt everyday business, they directly affect the lives of patients...

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods