California Heritage Provider Network Suffers Large-scale Ransomware Attack

Arguably the most malicious kind of ransomware attack is the kind that targets the sensitive data of healthcare organizations.

The latest victim is the California Heritage Provider Network, which recently confirmed a large-scale ransomware attack that impacted several of their affiliates and the data of more than 3 million patients. 

According to the U.S. Department of Health and Human Services breach portal, the data of 3,300,638 patients from the Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group and Greater Covina Medical were exposed in the attack.

Based on the reported attacks in the U.S. Department of Health and Human Services’ breach portal, this is the largest breach for 2023 and the second largest breach of the past 24 months.

While we know self-reporting is not always a great indicator of the larger picture, the HITECH Act requires the Secretary of Health and Human Services to post a list of breaches of unsecured private health information which affect 500 or more individuals.

The Regal Medical Group was the first network member to suspect an attack when employees reported technical difficulties this past December, which led to the discovery that a malware attack had successfully infected their servers. 

So, what kind of patient information was exposed? Like most healthcare attacks, including the recent Highmark incident, the data included patients’ full names, social security numbers, birthdays, addresses and medical records, which potentially include medical-related information such as lab test results, prescriptions, insurance information and radiology reports.

Regal has notified the patients believed to have been affected and provided them with one year of free credit monitoring through Norton LifeLock (another organization that recently suffered a breach), along with the standard mea culpa stating that they have since improved their security measures and protocols.

This attack is another reminder that healthcare organizations remain a top target for threat actors. Healthcare data remains one of the most valuable pieces of resalable information on the dark web, and the critical nature of healthcare networks across the care continuum suggests a low risk tolerance for network downtime. The combination of these two factors makes healthcare organizations highly attractive targets for data theft and ransomware.

Even with the recent news of the FBI taking down the Hive Ransomware group, ransomware attacks continue to barrage the healthcare industry – despite the costly, public and targeted actions taken to protect U.S. hospitals and healthcare providers.

As part of the Hive takedown, the FBI conducted a 7-month investigation, revealing that an estimated 80% of companies did not report potential cyber-related issues to officials. Whether the lack of self-reporting was due to fear of public backlash, working with private cybersecurity firms or simply opting to pay the ransom and move on is unknown.

While the Hive ransomware group bust may not make a significant dent in the number of future ransomware attacks over the long term, it could help change the narrative on the healthcare industry’s perception and overall mistrust of federal involvement, which may help prevent future attacks such as this one.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].


© 2023 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
