Date: Aug 2021

Location: United States of America

Summary

United Health Centers of the San Joaquin Valley suffered a ransomware attack that disrupted computer systems, prompting immediate security measures and an investigation which confirmed unauthorized access compromising sensitive patient data including names, Social Security numbers, and medical record numbers. The organization restored systems to maintain care continuity, completed its review of impacted information months later, and subsequently notified affected individuals after identifying the scope of the breach.


Description

United Health Centers of the San Joaquin Valley (UHC) experienced a ransomware attack that disrupted its computer systems between August 24 and August 28, 2021. Technical difficulties were first observed on August 28, prompting immediate action to secure systems and initiate an investigation. UHC determined the disruption resulted from an encryption event, indicating ransomware involvement. The organization prioritized restoring systems to maintain patient care continuity while investigating the incident's scope. On September 22, 2021, UHC confirmed that certain data had been compromised during the attack window. The forensic review, completed on April 11, 2022, revealed unauthorized access to sensitive patient information including names, Social Security numbers, and medical record numbers. Notification to affected individuals commenced after this nine-month investigation concluded, approximately one year following the initial attack detection.

The delayed notification timeline reflected the duration required to complete forensic analysis and identify impacted individuals. UHC's public notice acknowledged the encryption event but did not disclose specific technical details about attacker entry points, malware variants, or ransom demands. No evidence suggested operational care interruptions despite system restoration efforts. The compromised data types exposed patients to potential identity theft and medical fraud risks given the inclusion of government identifiers and health information. UHC implemented unspecified cybersecurity enhancements following the incident but provided no details about credit monitoring or identity protection services for victims. The California Attorney General's Office hosted UHC's breach disclosure, confirming regulatory compliance with notification requirements for incidents affecting state residents.
