Cyber Incident Victim: Monterey Health Center
Date:
Aug 2019
Location:
United States of America
Summary
Monterey Health Center experienced a ransomware attack compromising a server containing sensitive patient information, though data exfiltration was ruled out while unauthorized access remained unconfirmed. The impacted data included personal identifiers, financial details, medical histories, diagnostic records, treatment information, and insurance data. Separately, Central Valley Regional Center disclosed unauthorized access to employee email accounts affecting similar categories of personally identifiable and health-related information, with a subset of individuals facing potential exposure of tax documents, financial credentials, and account access codes. Both entities offered credit monitoring services to affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 12, 2019, Monterey Health Center in Oregon discovered it had experienced a ransomware attack targeting its systems. The attack compromised a server containing extensive patient information, though the organization later confirmed successful restoration of the affected data. While investigators ruled out data exfiltration—indicating no evidence that information was copied or transferred externally—they could not definitively rule out unauthorized access to the stored records during the incident. The compromised server held highly sensitive patient details, including full names, physical addresses, driver’s license numbers, financial account information, Social Security numbers, and dates of birth. Medical data exposed encompassed comprehensive health histories, diagnoses, laboratory and test results, treatment records, prescribed medications, health insurance policy details, and claims-related information. The attack disrupted normal operations, necessitating immediate containment and forensic efforts to assess the intrusion’s scope and impact on patient privacy.
Monterey Health Center issued a public press release on August 12, 2019, confirming the ransomware incident and its findings regarding data accessibility. The organization did not disclose specific technical details about the ransomware variant, initial attack vector, or duration of system compromise prior to detection. No evidence suggested patient data was exfiltrated, but the inability to rule out access left residual risks of potential misuse. The center did not specify whether it paid a ransom or relied solely on backups for data restoration. Affected individuals were notified of the breach, though the article does not detail the number of impacted patients or the methods of communication used. The incident exposed patients to potential identity theft, medical fraud, and financial harm due to the breadth of personal and health information involved. Monterey Health Center’s public statement emphasized the restoration of systems but did not reference credit monitoring or identity protection services for those affected.