Malware Attack Compromises Centrelake Medical Group Patient Data

A malware attack on Centrelake Medical Group has resulted in sensitive patient information being compromised.

Centrelake Medical Group is a network of 8 medical imaging and oncology centres in California. They discovered a malicious virus on their system in February 2019 which blocked access to all of their files.

Although the virus appears to perform the function of malware, Centrelake Medical Group did not mention receiving a ransom demand from a threat actor in their media notice about the attack. Subsequent reports indicated that the malware was not ransomware, leaving some uncertainty as to the motivation behind the attack.

Centrelake contracted a third-party computer forensics company to assist with the investigation. The investigators wished to determine the scope of the attack, whether an unauthorised individual accessed or copied files containing protected health information, and the potential consequences of the breach.

The investigation revealed that an unauthorised individual had gained access to its servers on January 9, 2019. The unauthorised individual could access the servers undetected until they deployed the virus on February 19, 2019.

Hackers often install ransomware on a system once they have successfully infiltrated the network. Sometimes ransomware is deployed after the hacker has exfiltrated all useful or valuable information from a system.

In this instance, the computer forensics company did not uncover any evidence to suggest the hacker accessed or copied patient information. Furthermore, they did not uncover any evidence to suggest any attempted or actual misuse of data has occurred.

The investigators determined that the unauthorised individual may have accessed patient names, phone numbers, addresses, Social Security numbers, health insurance information, diagnoses, services performed, dates of service, medical record numbers, referring provider information, and driver’s license numbers.

Following HIPAA’s Breach Notification Rule, all patients affected by the breach have been notified.

Centrelake Medical Group has advised patients to be alert to the possibility of data misuse and suggests that patients should monitor their financial accounts, credit reports, and explanation of benefits statements for any sign of fraudulent activity. The facility has created a toll-free number for patients to obtain further information.

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal, so it is currently unclear exactly how many patients have been affected.