Cyber Incident Victim: La Clinica de la Raza
Date: Jan 2021
Location: United States of America
Summary
La Clinica de la Raza experienced a malware incident resulting in unauthorized access to systems storing personal and health information. The breach involved sensitive data including names, dates of birth, contact details, health insurance information, medical diagnoses, test results, treatment records, and service dates related to patient care. The organization confirmed the unauthorized activity was confined to a specific period but did not disclose the total number of affected individuals.
Description
La Clinica de la Raza discovered malware on its systems on January 28, 2021, following an investigation that determined unauthorized access had occurred and concluded on January 12, 2021. The malware specifically targeted systems storing personal and health information, though the organization did not publicly disclose the exact malware variant or initial intrusion method. Forensic analysis confirmed the unauthorized activity was confined to that single day, with no evidence of prolonged access or ongoing compromise beyond January 12. The investigation revealed that attackers accessed files containing sensitive patient data, though the clinic did not specify the number of affected individuals or whether data was exfiltrated versus merely accessed. Systems impacted included those storing registration, insurance, and clinical treatment records based on the types of information exposed.

Compromised information included full names, dates of birth, phone numbers, home addresses, and health insurance details. Clinical data exposure encompassed dates of service, diagnoses, test results, and treatment information related to care received at the facility. La Clinica issued breach notifications referencing the California Attorney General’s website as the authoritative source for their full disclosure, though the notification date was not specified in available sources. The organization did not describe specific containment measures beyond initiating an investigation upon malware detection, nor did it disclose whether ransomware was deployed or whether systems required restoration. Impacted individuals received notice that their protected health information and personally identifiable information were potentially accessed during the unauthorized activity window.
