Cyber Incident Victim: Centrelake Medical Group

Date: Jan 2019

Location: United States of America

Summary

Centrelake Medical Group experienced a cybersecurity incident in which an unauthorized third party gained access to its systems and introduced a virus that blocked file access. The intrusion compromised servers containing sensitive patient data, including names, Social Security numbers, medical diagnoses, insurance details, and driver’s license information. The breach occurred over several weeks before detection, though no evidence confirmed actual data misuse. The organization initiated an investigation with third-party forensic support, restored its systems, and notified affected individuals and regulators. Proactive measures were implemented to bolster data security protocols and prevent recurrence, alongside establishing a dedicated support line for impacted patients.

Description

On February 19, 2019, Centrelake Medical Group discovered its information systems were infected with a virus that blocked access to files, prompting immediate restoration efforts and a forensic investigation with third-party assistance. The investigation determined an unknown third party introduced the virus after gaining unauthorized access to servers containing personal and protected health information. Forensic evidence revealed this unauthorized activity began on January 9, 2019, and persisted until the ransomware infection on February 19, 2019. During this 41-day period, the intruder accessed systems housing sensitive patient data, though no evidence confirmed actual viewing or exfiltration of records. The compromised servers stored comprehensive patient information including full names, addresses, phone numbers, Social Security numbers, medical diagnoses, treatment details, driver's license information, health insurance policy numbers, referring provider details, medical record numbers, and dates of service. Centrelake maintained there was no indication of attempted or actual misuse of patient data throughout the incident timeline.

Centrelake initiated patient notifications upon confirming the potential exposure of sensitive information, establishing a dedicated toll-free privacy line (1-866-736-0792) operational on weekdays from 8:00 a.m. to 5:30 p.m. PDT to address patient concerns. The organization concurrently notified relevant regulatory bodies in compliance with legal obligations. While continuing its investigation, Centrelake implemented organizational reviews of data privacy processes, policies, and procedures to strengthen defenses against future incidents. Affected individuals received guidance on monitoring financial accounts, credit reports, and insurance explanations of benefits for suspicious activity, with instructions available through the privacy line regarding credit freezes and fraud alerts. The medical group emphasized its serious approach to patient privacy protections throughout its containment and remediation efforts following the intrusion.
