The Regal Medical Group data breach potentially impacted millions of patients' personal information. Regal Medical Group became aware of the ransomware cyberattack breach on December 8, 2022, which they later learned occurred on or about December 1, 2022.
What Happened
What Information was Involved
On Friday, December 2, 2022, Regal Medical Group noticed difficulty in accessing some of their servers. After extensive review, malware was detected on some of their servers, which they later learned resulted in the threat actor accessing and exfiltrating certain data from their systems. They hired third-party vendors experienced in this area to assist with their response to the incident. The Regal team worked with our vendors to efficiently restore access to their systems and to analyze the impacted data.
At this time, based on the third-party vendors’ review, Regal Medical Group believe that their customers' personal information may have been impacted in the incident, and that their impacted personal information may include: their names, social security numbers (for certain, but not all, potentially impacted individuals), date of birth, addresses, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone numbers.
What Regal Medical Group is Doing
Regal is taking steps to notify you of this breach to ensure transparency and awareness of our findings. In order to help protect your information, Regal Medical Group have taken the following steps:
-
Regal will cover the cost for one year for you to receive credit monitoring from Norton LifeLock. To take advantage of this offer, please see the attached instructions; • Added additional computer security protections and protocols to ensure that your personal information is protected from unauthorized access;
PO Box 3356
Suwanee, GA 30024-9847
304 1 64441 ***********AUTO**5-DIGIT 93065
John Doe
123 Anystreet Dr
Anytown, NY 12345
64441
Dear John Doe:
-
Notified law enforcement of this incident;
-
Notified the U.S. Department of Health and Human Services of this incident, as well as the California Attorney General and other applicable regulatory agencies; and
-
Notified the local media to ensure that all impacted individuals are aware of the breach.
What You Can Do
To help protect your identity, Regal Medical Group recommend you take immediate steps to protect yourself from potential harm:
-
Please consider utilizing the Norton LifeLock service provided by us to you, by following the instructions in the attachment;
-
Register a fraud alert with the following credit bureaus and order credit reports as follows:
- Experian: (888) 397-3742; www.experian.com; National Consumer Assistance, P.O. Box 9554, Allen, TX 75013
- TransUnion: (800) 680-7289; www.transunion.com; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016-2000
- Equifax: (800) 525-6285; www.equifax.com; Fraud Victim Assistance Department, Consumer Fraud Division, P.O. Box 740256, Atlanta, GA 30374
-
Monitor account statements, Explanation of Benefit forms, and credit bureau reports closely; and
-
Contact your state Consumer Protection Agency: www.usa.gov/stateconsumer.
If you think that your personal information is being improperly used, you can also contact local law enforcement to file a police report. Finally, you can contact the Federal Trade Commission (“FTC”) at 1-877-ID THEFT (877-438-4338) or review the information on identity theft promulgated by the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/.
Other Information
For information about your privacy rights, you may visit: https://www.hhs.gov/hipaa/for-individuals/index.html
For More Information
If you have any additional questions about this incident, please contact us at (866) 918- 5293
Regal understands the importance of safeguarding your personal information and takes that responsibility very seriously. They will do all they can to assist any individuals whose personal information may have been compromised and help them work through the process. They appreciate your support during this time.