Updated Notice of Data Breach

The following contains important information about a breach from a ransomware cyberattack that potentially impacted the personal information of patients of Regal Medical Group, Lakeside Medical Organization, Affiliated Doctors of Orange County and West Covina Plan IPA, Inc., A Medical Group d/b/a Greater Covina Medical Group (collectively, “Regal”). We also are providing this updated notice on behalf of Heritage Provider Network, Quality Care Surgery Center d/b/a Community Surgery Center of Glendale, Sun Eun Enterprise, Inc. d/b/a Pacific Family Hospice and Valley’s Best Hospice, Inc. We also are providing this updated notice on behalf and at the request of Blue Cross of California d/b/a Anthem Blue Cross, California Physicians’ Services d/b/a Blue Shield of California, CalOptima Health, Inter Valley Health Plan and L.A. Care Health Plan.

What Happened

Regal became aware of the breach on December 8, 2022. The breach occurred on or about December 1, 2022. On December 2, 2022, Regal employees noticed difficulty in accessing some of our servers. After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data. We hired third-party vendors experienced in this area to assist with our response to the incident. The Regal team worked with the vendors to efficiently restore access to our systems and began a deliberate and comprehensive process to analyze the impacted data. In February 2023, we notified potentially impacted individuals of the breach. In March 2023, we discovered that the servers potentially impacted by the breach contained data of additional potentially impacted individuals.

What Information Was Involved

For patients who may have been impacted by the breach, the categories of impacted personal information may include, among other things: your name, social security number (for certain, but not all, potentially impacted individuals), address, date of birth, diagnosis and treatment, laboratory test results, prescription data, radiology reports, Medicare ID number, health plan member number, and phone number.

What We Are Doing Regal is taking steps to notify potentially impacted individuals of this breach to ensure transparency. In order to help protect your information, we have taken the following steps:
  • Regal will cover the cost for one year for you to receive credit monitoring from Norton LifeLock. To take advantage of this offer, please contact us at the number provided below;
  • Added additional computer security protections and protocols to ensure that your personal information is protected from unauthorized access;
  • Notified law enforcement of this incident;
  • Notified the US Department of Health and Human Services, Office for Civil Rights, of this incident, as well as the California Attorney General and other regulatory agencies; and
  • Notified the local media to ensure that all impacted individuals are aware of the breach.
What You Can Do To help protect their identity, we recommend that potentially impacted individuals take immediate steps to protect themselves from potential harm:
  • Register a fraud alert with the following credit bureaus; and order credit reports as follows:
    • Experian: (888) 397-3742; www.experian.com; National Consumer Assistance, P.O. Box 9554, Allen, TX 75013
    • TransUnion: (800) 680-7289; www.transunion.com; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016-2000
    • Equifax: (800) 525-6285; www.equifax.com; Fraud Victim Assistance Department, Consumer Fraud Division, P.O. Box 740256, Atlanta, GA 30374
  • Monitor account statements, Explanation of Benefit forms, and credit bureau reports closely; and
  • Contact your state Consumer Protection Agency: www.usa.gov/state-consumer.

If you think that your personal information is being improperly used, you can also contact local law enforcement to file a police report. Finally, you can contact the Federal Trade Commission (“FTC”) at 1-877-ID THEFT (877-438-4338) or review the information on identity theft promulgated by the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/.

Other Information

For information about your health information privacy rights, you may visit https://www.hhs.gov/hipaa/for-individuals/index.html

For More Information

If you have any additional questions about this incident, please contact us at (866) 918-5293.