Cyber Incident Victim: San Andreas Regional Center
Date: Jul 2021
Location: United States of America
Summary
The San Andreas Regional Center (SARC) in California suffered a ransomware attack, potentially exposing sensitive patient data. The attack impacted both personal and protected health information, with the potential exposure of patient names, SSNs, contact details, health records, images, and other identifying information. SARC responded swiftly by securing its systems, engaging third-party experts, and notifying patients. The center also expressed its commitment to protecting patient information and took steps to prevent future incidents.
Description
On July 13, 2021, DuPage Medical Group (DMG) detected a network outage and security incident that disrupted its systems. An investigation initiated with a third-party cyber-forensic specialist determined threat actors had gained unauthorized access to portions of DMG’s network between July 12 and July 13. The forensic review confirmed the attackers accessed specific segments of the infrastructure containing patient data but did not compromise the entire network. DMG did not publicly disclose the exact intrusion method or whether ransomware or malware was deployed. Local law enforcement was engaged to investigate the incident’s origins. The outage persisted for an unspecified duration while DMG worked to contain the breach and restore operations.

The investigation concluded that personal and medical information of 655,384 patients was exposed or accessed during the breach. Compromised data included patient names, contact information, diagnosis codes, Current Procedural Terminology codes related to medical procedures, and treatment dates. A subset of patients also had Social Security numbers exposed, but no financial account details or payment card information was affected. DMG began notifying impacted individuals by August 31, 2021, and offered free credit monitoring and identity theft protection services. The organization implemented additional cybersecurity measures following the incident and initiated a review of its security policies and technology roadmap to prevent future breaches. The incident ranked among the ten largest reported healthcare sector breaches in 2021 based on affected individuals.
