Petaluma Health Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Petaluma Health Center (PHC) in California experienced a data breach on March 14, 2023, when an unauthorized party gained access to their network environment. The breach potentially exposed personal information of certain current and former patients, including names, addresses, Social Security numbers, dates of birth, medical information, and health insurance information[1][3][5][7][9][11][13][15].
Upon discovering the incident, PHC immediately shut off network access and engaged a specialized third-party forensic incident response firm to secure the network and investigate the extent of the unauthorized activity. PHC has since secured its network and has no evidence to suggest that the information has been misused. They have not received any reports of identity theft or related misuse of information from the time of the incident to the present[1].
PHC has taken steps to enhance their technical safeguards to prevent similar incidents in the future. They are providing complimentary credit monitoring and identity theft protection services to all potentially impacted individuals. PHC has also sent written notices to those affected, advising them on how to protect their information[1].
The cybercrime group Karakurt is reported to be responsible for the breach. Karakurt is known for its strategic and relentless tactics, including exploiting vulnerabilities, purchasing access to compromised systems, and using stolen credentials to gain unauthorized access. They typically exfiltrate large volumes of data and engage in extortion by threatening to release or auction the stolen data[3].
The breach reportedly exposed the personal and medical information of close to 125,000 individuals[9]. PHC filed a notice of the data breach with the Attorney General of Maine, and the breach notification letters were sent out to affected individuals on April 24, 2023[7][15].
For those seeking more information or with questions about the incident, PHC has provided a dedicated toll-free helpline and additional information on their website[1].
Citations:
- https://phealthcenter.org/notice-of-data-incident/
- https://www.ucsfhealth.org
- https://www.sonomacountygazette.com/sonoma-county-news/a-deep-dive-into-the-petaluma-health-center-data-breach/
- https://stanfordhealthcare.org
- https://www.pressdemocrat.com/article/news/petaluma-health-center-notifies-patients-of-data-breach/
- https://mychart.ochin.org/mychart/Authentication/Login
- https://www.jdsupra.com/legalnews/petaluma-health-center-files-official-5515492/
- https://www.calix.com
- https://www.girardsharp.com/results-investigations/phc-data-breach-investigation/
- https://www.vitalant.org
- https://www.turkestrauss.com/2023/05/02/petaluma-health-center-data-breach-investigation/
- https://ksltv.com
- https://www.myinjuryattorney.com/petaluma-health-center-data-breach/
- https://www.kqed.org
- https://apps.web.maine.gov/online/aeviewer/ME/40/d7e32cb2-f9d6-489f-bd76-294e92eb6664.shtml
- https://www.lacera.com