San Andreas Regional Center located in San Jose, CA has begun informing patients regarding the potential compromise of their PHI in a ransomware attack in July 2021.
On July 5, its systems and servers were shut down because of the attack. Action was quickly taken to manage the attack and third-party computer forensics specialists were involved to look into the breach, find out how the attackers gained access to its systems, and find out the scope of patient information compromised.
The preliminary inquiry into the ransomware attack was done on August 2, 2021, when it was affirmed that the attackers had acquired access to parts of the system where patients’ protected health information (PHI) was kept and particular files saved on its servers that included patient information were exfiltrated by the attackers before using ransomware. It wasn’t possible to find out any particular patient data which the attackers stole.
During the issuance of notification letters to impacted patients, San Andreas Regional Center hadn’t recognized any cases of attempted or actual patient information misuse. An analysis of all files the attackers had access to affirmed the potential compromise of the following types of patient data in the attack: First and last names, birth dates, addresses, email addresses, phone numbers, Social Security numbers, health plan beneficiary numbers, medical insurance data, full-face pictures, and or comparable photos, UCI (unique identifying number or code created by SARC for patients), medical data, disability codes, diagnoses, and other certificate/license numbers.
San Andreas Regional Center is updating its policies and procedures. Employees have obtained additional cybersecurity instruction, and more cybersecurity safety measures are being put in place to reinforce security. Free credit monitoring and identity theft protection services are being given to impacted persons.
The center has reported the breach to the HHS’ Office for Civil Rights nevertheless the incident is not yet published on the OCR breach website, therefore it is presently uncertain how many patients were impacted.