
Cyber Incident Victim: Palomar Health Medical Group

Date: May 2024

Location: United States of America

Summary

Palomar Health Medical Group experienced suspicious activity on its network computer systems, prompting an investigation and immediate shutdown of affected systems to prevent potential malware spread. The disruption impacted patient portal access, phone communications, and fax services, leading to operational delays in prescription processing and physician appointments, with patients advised to visit offices in person for medication needs. While the healthcare district facilities remained unaffected, third-party specialists are assisting to determine the incident's origin, confirm system impacts, restore functionality, and assess potential data security implications.

Description

On May 5, 2024, Palomar Health Medical Group detected suspicious activity on certain computer systems within its network, prompting an immediate investigation. The organization took proactive containment measures by shutting down affected systems the same day to prevent potential malware propagation. This action resulted in a widespread outage impacting critical operational infrastructure, including phone lines, fax machines, and the patient portal essential for prescription management and appointment coordination. By May 6, Palomar formally notified patients via letter about the disruption, acknowledging the incident’s effect on healthcare delivery while withholding technical specifics about the nature of the suspicious activity. The preemptive system isolation caused significant service degradation, forcing patients to obtain new prescriptions or refills exclusively through in-person visits to physician offices due to the portal’s unavailability.

Palomar engaged third-party cybersecurity specialists to investigate the incident’s origin, assess its operational impact, and expedite system restoration. The organization confirmed its broader healthcare district facilities—Palomar Medical Center Poway and Palomar Medical Center Escondido—remained unaffected by the network disruption, limiting the incident’s geographic scope to the medical group’s infrastructure. Patients experienced delays in clinical services as the medical group operated under reduced technological capacity, though Palomar did not quantify the magnitude of appointment rescheduling or operational backlog. Concurrently, investigators worked to determine whether the suspicious activity compromised protected health information or other sensitive data within the environment. Palomar committed to restoring full system functionality but provided no estimated timeline for resolution as of its May 7 statement to NBC San Diego.
