Monday, December 23, 2024
HomeCyber Security News17M Patient Records Stolen in Ransomware Attack on Three California Hospitals

17M Patient Records Stolen in Ransomware Attack on Three California Hospitals

Published on

SIEM as a Service

A staggering 17 million patient records, containing sensitive personal and medical information, have been stolen in a devastating ransomware attack on PIH Health.

The cyberattack, which began on December 1, has disrupted operations at three hospitals: PIH Health Downey Hospital, PIH Health Whittier Hospital, and PIH Health Good Samaritan Hospital, as well as affiliated urgent care centers, doctors’ offices, and a home health and hospice agency.

According to the Daily News report, the hackers behind the attack claim to have extracted 2 terabytes of data and have threatened to release the information online unless their demands are met.

- Advertisement - SIEM as a Service

In a typewritten letter allegedly sent to PIH Health, the cybercriminals declared, “Be informed, there was a Ghost in your network! … If you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet.”

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Data Breach Details

The stolen data reportedly includes:

  • Personal and medical records of 17 million patients.
  • Information about 8.1 million medical episodes, including patients’ home addresses, phone numbers, workplaces, and medical expenses.
  • Confidential diagnoses, test results, patient photos and scans, and treatment plans for thousands, including cancer patients.
  • Sensitive internal documents, such as PIH’s oncology profitability reports and private emails with patients.
  • Around 100 active non-disclosure agreements with other organizations, as well as employee-related confidentiality agreements.

Screenshots of PIH’s oncology reports and billing information were shared by the hackers as proof of the breach.

Despite the severity of the attack, PIH officials have not disclosed if a ransom was paid or if negotiations with the attackers are underway. The FBI is collaborating with cybersecurity experts to investigate the breach, but neither has released further details.

PIH Health spokesperson Amanda Enriquez stated, “We continue to provide care to patients safely using our downtime procedures at all of our facilities. These procedures entail non-electronic documentation, which requires significant workflow adjustments.”

The hospital system has promised to notify affected individuals if evidence confirms their information was compromised.

The attack has crippled PIH Health’s IT systems, including patient health records, laboratory tools, radiology, and pharmacy services.

Internet access at medical facilities has been disrupted, forcing staff to rely on personal cell phones and temporary internet hotspots for communication. Telephone operations have been consolidated at PIH Health Good Samaritan Hospital due to outages at other locations.

This incident serves as a grim reminder of the ongoing vulnerability of healthcare institutions to cyberattacks, raising urgent questions about data security and patient privacy.

For now, PIH Health is racing against time to recover its systems, safeguard operations, and restore trust among its patients.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...