PHI of Palomar Health Medical Group Patients Exposed Due to Cyberattack

by | Jul 12, 2024

Palomar Health Medical Group has informed its patients that an April 2024 cyberattack may have affected their data. The company is a primary and specialty care provider to North San Diego County locals. Patients’ protected health information (PHI) may have been exposed during the cyberattack. The medical group discovered the security breach on or about May 5, 2024, and quickly took action to stop unauthorized access to its network. The company investigated the incident to know the nature and extent of the incident, which verified that hackers got access to its system between April 23, 2024 and May 5, 2024.

Palomar Health Medical Group stated the cyberattack potentially resulted in some unrecoverable files, indicating ransomware use. The cyberattack investigation confirmed the exfiltration of some files from its system. The investigative team is still reviewing those files and the process of possibly getting back the impacted files. It is expected that the complete repair of the impacted systems will be done by July 1, 2024; then again, the process of recovery is quite challenging and is taking more time than expected.

Palomar Health Medical Group cannot tell specifically the number of patients impacted or the exact types of information that were compromised or stolen during the attack; nevertheless, affected categories of data have been identified. The exposed data differs from one person to another and, according to the preliminary results of the investigation, includes patient names along with at least one of these data: address, birth date, Social Security number, medical background data, disability details, diagnostic data, treatment details, doctor prescribed drugs data, doctor data, medical record number, medical insurance data, subscriber number, medical insurance group/plan number, debit/credit card number, expiration date, security code/PIN number, email address/username and password.

The breach has impacted present and past patients of Palomar Health Medical Group. Patients of Pacific Accountable Care and Graybill Medical Group, affiliates of Palomar Health Group, were also affected. Personal notification letters will be sent by mail to the impacted persons as soon as the file analysis is finished. With this incident, it is recommended to reinforce cybersecurity by improving its defense system and giving employees refresher HIPAA training.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy