Personal and Health Information of 656,000 Patients of California Clinic Potentially Compromised

Community Medical Centers in California has announced it suffered a cyberattack in October in which the personal and protected health information of more than 656,000 individuals was potentially compromised.

Community Medical Centers is a nonprofit network of neighborhood health centers in Northern California serving patients in San Joaquin, Solano, and Yolo counties. The healthcare provider issued a notification to the Maine Attorney General on October 29, 2021, about an external hacking incident that occurred on October 10, 2021.

The breach notification did not provide details of the nature of the cyberattack, only that the attackers gained access to parts of its network that contained sensitive patient information including first and last names, mailing addresses, Social Security numbers, dates of birth, demographic information, and medical information. That information may have been accessed and/or exfiltrated by the attackers.

Community Medical Centers said it acted quickly when unauthorized activity was detected in its network and proactively shut down its IT systems to limit the potential for data theft. An assessment was then conducted to determine the nature and scope of the breach. No evidence was found to indicate patient data was exfiltrated and there have been no reports to date to suggest any patient information has been misused. However, as a precaution, affected individuals have been offered complimentary access to credit monitoring and identity theft protection services for 12 months.

Community Medical Centers started issuing notifications to affected individuals on November 2, 2021, law enforcement has been notified, and the breach has been reported to regulators. Community Medical Centers said it conducted a review of its security policies and procedures, which have been updated to improve security and changes have also been made to how data within its network is managed.

With 656,047 healthcare records potentially compromised, this is one of the largest U.S. healthcare data breaches to be reported so far in 2021.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news