Servers Compromised and Virus Deployed at Centrelake Medical Group

Centrelake Medical Group, a group of 8 medical imaging and oncology clinics in California, is notifying a number of patients that some of their protected health information has been exposed due to a computer virus.

The computer virus was identified in February 2019 when it stopped the medical group from accessing its files. The virus seems to be a form of ransomware, although no mention of ransomware or a ransom demand was made in the media notice released by Centrelake.

Centrelake contracted a computer forensics company to assist with the investigation to determine the scope of the attack and whether any files containing protected health information had been accessed or copied.

The investigation showed that an unauthorized individual had obtained access to its servers on January 9, 2019. Before deploying the virus on February 19, 2019, the unauthorized individual was able to access the servers unnoticed.

It is not uncommon for ransomware to be downloaded onto systems after hackers have breached security defenses. In some instances, ransomware is deployed only after the attackers have explored the system and taken all valuable data. In this instance, the computer forensics company did not uncover any proof to suggest patient information was accessed or copied during the time that system access was possible, and no reports have been filed to suggest any attempted or actual misuse of data has taken place.

The servers accessed by the unauthorized third party contained software applications and files that may have included the following types of patient information: names, phone numbers, addresses, Social Security numbers, health insurance data, diagnoses, services performed, dates of service, medical record numbers, referring provider data, and driver’s license numbers.

Centrelake Medical Group has advised patients to be alert to the possibility of data misuse and suggests patients should review their financial accounts, credit reports, and explanation of benefits statements for any indication of fraudulent activity. A toll-free number has been set up for patients to obtain further information, but it does not appear that patients are being provided with credit monitoring and identity theft protection services.

The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal states that 197,661 patients have been impacted.

Author: Maria Perez