The following contains important information about a breach from a ransomware cyberattack that potentially impacted the personal information of patients of Regal Medical Group, Lakeside Medical Organization, Affiliated Doctors of Orange County and West Covina Plan IPA, Inc., A Medical Group d/b/a Greater Covina Medical Group (collectively, “Regal”). We also are providing this updated notice on behalf of Heritage Provider Network, Quality Care Surgery Center d/b/a Community Surgery Center of Glendale, Sun Eun Enterprise, Inc. d/b/a Pacific Family Hospice and Valley’s Best Hospice, Inc. We also are providing this updated notice on behalf and at the request of Blue Cross of California d/b/a Anthem Blue Cross, California Physicians’ Services d/b/a Blue Shield of California, CalOptima Health, Inter Valley Health Plan and L.A. Care Health Plan.
| What Happened |
Regal became aware of the breach on December 8, 2022. The breach occurred on or about December 1, 2022. On December 2, 2022, Regal employees noticed difficulty in accessing some of our servers. After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data. We hired third-party vendors experienced in this area to assist with our response to the incident. The Regal team worked with the vendors to efficiently restore access to our systems and began a deliberate and comprehensive process to analyze the impacted data. In February 2023, we notified potentially impacted individuals of the breach. In March 2023, we discovered that the servers potentially impacted by the breach contained data of additional potentially impacted individuals. |
| What Information Was Involved |
For patients who may have been impacted by the breach, the categories of impacted personal information may include, among other things: your name, social security number (for certain, but not all, potentially impacted individuals), address, date of birth, diagnosis and treatment, laboratory test results, prescription data, radiology reports, Medicare ID number, health plan member number, and phone number. |
| What We Are Doing | Regal is taking steps to notify potentially impacted individuals of this breach to ensure transparency. In order to help protect your information, we have taken the following steps:
|
| What You Can Do | To help protect their identity, we recommend that potentially impacted individuals take immediate steps to protect themselves from potential harm:
If you think that your personal information is being improperly used, you can also contact local law enforcement to file a police report. Finally, you can contact the Federal Trade Commission (“FTC”) at 1-877-ID THEFT (877-438-4338) or review the information on identity theft promulgated by the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/. |
| Other Information |
For information about your health information privacy rights, you may visit https://www.hhs.gov/hipaa/for-individuals/index.html |
| For More Information |
If you have any additional questions about this incident, please contact us at (866) 918-5293. |