Cyber-criminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California.
Nonprofit Community Medical Centers (CMC), which is headquartered in the city of Stockton, primarily serves low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano, and Yolo.
In a statement issued on October 15, CMC said that "some unusual network activity" had been detected "early on Sunday, October 10."
As a precaution, the agency shut down its entire network, including its servers, computers, and some phone lines that patients had been using to access their medical records, make appointments, and receive information relating to COVID-19.
"We know how hard this is on our patients," said Preethi Raghu, chief operating officer at Community Medical Centers. "We are doing everything in our power to continue patient care and restore our systems."
CMC launched an investigation into the unusual network activity with the help of third-party experts in cybersecurity. An examination of the digital forensic evidence determined that unauthorized individuals had gained access to parts of its network in which patients' protected health information was stored.
Data that may have been obtained by the hackers includes medical information, first and last names, mailing addresses, dates of birth, demographic information and Social Security numbers.
A breach report filed with the Maine attorney general states that the protected health information of 656,047 individuals was potentially compromised in the incident, 8 of whom are Maine residents.
"Please understand that this situation is fluid, and we will continue to work with law enforcement and cybersecurity experts to assess the full scope and nature of the incident, as well as to fix the situation," said CMC in a statement that was updated on October 27.
CMC did not say whether their investigation had discovered evidence of a ransomware attack.
Individuals affected by the security breach are being offered complimentary identity theft protection, identity theft resolution, and credit monitoring services.
"We continue to make progress on restoring all systems safely and returning to normal operations," said CMC.
"We have also taken steps to improve our network security to further secure sensitive data and prevent any misuse of patient information.”