Squirrel Hill Health Center & La Clinica de la Raza Infiltrated by Malware Attacks

by | Apr 12, 2021

On January 28, 2021 malware was discovered on databases holding private patient at the data La Clinica de la Raza in Oakland, CA. The clinic is now getting in touch with a range of patients to inform them that their protected health information may have been breached.

An external forensics group was hired to conduct an investigation into the malware attack.  On February 26, 2021 the group uncovered evidence of the malware allowing files including patient data to be accessed. The duration of the breach was short as it was only live for one day January 12, 2021. However, during the short period of time that the malware was live it is thought that the files may have been infiltrated by unauthorized individuals, but it is also thought there that involved very few documents including full names, dates of birth, phone numbers, home addresses, health insurance information, and certain health data including appointment details, diagnosis, test results, and treatment information related to medical services administered at the health center.

Measures have been implemented to enhance data security, including bolstering its intrusion detection and prevention system, securing login details, conducting additional staff training, and configuring other security solutions. The breach report filled to the HHS’ Office for Civil Rights shows 31132 individuals were impacted.

Meanwhile Squirrel Hill Health Center in Pittsburg, PA has become aware that malware was placed on its databases which allowed hackers with access to files that holds patients’ protected health information. An investigation found that a security breach took place on February 4, 2021.  An external computer forensic firm was contracted to review the breach and determined unauthorized individuals obtained access to its databases on January 28, 2021 and access was still open until February 4, 2021. While it is typical for attacks like this to steal personal data the clinic found no proof that personal information was subjected to actual or attempted improper use.

A review of the files that were potentially accessed revealed they contained names, addresses, dates of birth, diagnostic codes, limited appointment scheduling details, and, for a subset of individuals, Social Security numbers. The breach has affected 23,869 individuals. The groups security measures for the storage of and access to patient information is being subjected to a complete review and enhances measures are expected to be implemented soon.

Finally, the California Department of State Hospitals announced that in March 2021 a member of staff in their IT department accessed the data of 1,415 current and former patients and 617 employees without adequate authorization over the previous 10 months. This incident was first identified on February 25, 2021 as part of a routine audit of staff access to data storage.

Following an investigation into the insider breach it was found that the breach was worse than earlier believed. The data of 1,735 previous and current Atascadero State Hospital staff members and 1,217 DSH job applicants who never worked there. While the sensitive data was viewed there is no evidence to suggest indication that any data was improperly accessed.


Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy