Cyber Incident Victim: Regal Medical Group

Date: Dec 2022

Location: United States of America

Summary

A ransomware attack targeted a southern California medical group, compromising sensitive data of over 3.3 million individuals across its affiliated healthcare organizations. The breach involved unauthorized access and exfiltration of patient information including names, Social Security numbers, diagnoses, treatment details, prescriptions, and lab results after malware was detected on servers. Employees discovered system access disruptions, prompting engagement of third-party experts to restore operations and analyze impacted data. The organization implemented enhanced security measures and offered affected individuals complimentary credit monitoring. The incident reflects broader healthcare sector vulnerabilities to ransomware threats targeting protected health information and critical infrastructure.

Description

On or around December 1, 2022, Regal Medical Group, a southern California-based healthcare provider, suffered a ransomware cyberattack that compromised its servers. Employees detected system access difficulties on December 2, 2022, prompting an investigation that identified malware infiltration and unauthorized data exfiltration by threat actors. The breach impacted Regal Medical Group and its affiliated entities—Lakeside Medical Organization, Affiliated Doctors of Orange County, and Greater Covina Medical Group—exposing sensitive health and personal information of over 3.3 million individuals. Compromised data included patient names, Social Security numbers, dates of birth, phone numbers, medical diagnoses, treatment details, health plan member numbers, prescription records, and laboratory results. Regal engaged third-party cybersecurity vendors to assist with system restoration and forensic analysis, successfully regaining access to affected infrastructure. The organization reported the incident to the U.S. Department of Health & Human Services’ Office for Civil Rights in compliance with federal breach notification requirements for incidents affecting 500 or more individuals.

Regal Medical Group implemented enhanced security protocols following the attack and offered affected patients one year of complimentary credit monitoring services, publicizing a dedicated support line (866-918-5293) for inquiries. The incident occurred amid heightened ransomware targeting of healthcare organizations, with contemporaneous reports indicating nearly half of healthcare IT professionals experienced such attacks within two years. Federal law enforcement had recently disrupted the Hive ransomware group, which specialized in hospital attacks, recovering decryption keys that prevented approximately $130 million in ransom payments. While the article did not specify whether Regal paid a ransom or experienced operational disruptions to patient care, it contextualized the attack alongside other healthcare cyber incidents like Tallahassee Memorial Healthcare’s December 2022 IT security event that forced surgical postponements and system downtime. The breach underscored systemic vulnerabilities in healthcare data security, with attackers exploiting the sector’s critical reliance on operational systems and sensitive patient data repositories.
