United Health Centers of San Joaquin Valley – Data Breach of Medical Information
Consumer Protection Attorneys in California
The Vice Society ransomware gang claims to have conducted a ransomware attack on the California healthcare provider United Health Centers of San Joaquin Valley. United Health Centers operates more than 20 community health centers in Fresno, Kings, and Tulare counties.
The Vice Society ransomware gang emerged mid-2021 and is believed to be a spin-off of the HelloKitty ransomware operation. The gang is known to use a variety of methods to gain access to victims networks, including exploiting vulnerabilities such as the PrintNightmare bugs.
The gang is known for exfiltrating data from victims’ systems prior to the use of ransomware to encrypt files. Data are then published on its data leak site to pressure victims into paying the ransom. This attack appears to be no exception. Bleeping Computer reports it was notified on August 31, 2021 about the ransomware attack on United Health Centers by a trusted member of the cybersecurity community who said the healthcare provider’s entire network was shut down as a result of the attack.
The cyberattack has yet to appear on the HHS’ Office for Civil Rights Breach Portal or the website of the California Attorney General and United Health Centers has not published any notification on its website at the time of writing. Under HIPAA, regulated entities have up to 60 days to issue notifications about a data breach.
Bleeping Computer reports the Vice Society gang has already leaked data allegedly obtained in the attack on its data leak website, some of which contains patients’ protected health information (PHI). Databreaches.net has reviewed some of the dumped files and confirmed they contained PHI such as names, dates of birth, insurance information, dates of service, diagnostic codes, and treatment and service codes, along with a folder containing files of patients who had fallen into arrears on their accounts and were referred to debt collection agencies in 2012. Some of those files included patients’ Social Security numbers, diagnosis information, and other types of PHI.
Bleeping Computer said its source said the attack caused major disruption to its IT systems, although the healthcare provider had backups that were not impacted in the attack. United Health Centers has reportedly started re-imaging computers and restoring data from backups. That, along with the data dump, suggests the ransom was not paid.
Both Bleeping Computer and Databreaches.net said they reached out to United Health Centers multiple times but have yet to receive a response about the attack.
While several ransomware-as-a-service operations place restrictions on industry sectors that can be attacked and avoid the healthcare industry, Vice Society certainly does not fall into that group. Around a fifth of its attacks are conducted on the healthcare sector.
While identity thieves are becoming more sophisticated at breaking through the data protection of businesses, it is the company’s responsibility to provide the highest level of security for their consumers. This is especially true when medical information is involved. Medical information of the type lost here, is given special protection under California law.
(858) 293-4614 Call now to review your case with our Data Breach intake specialist. During this call, our intake specialist will review your claim regarding the UHC San Joaquin Valley Lawsuit.
*HIPAA and CMIA Violations – You may be entitled to damages or other remedies. If you received notice that your information was stolen due to a data breach incident, contact Potter Handy, LLP to join our class action lawsuit. No out-of-pocket expenses from you.
What Information Was Involved?
The information involved may include:
- Full name
- Date of birth
- Dates of service
- Diagnostic codes
- Insurance information
- Diagnosis information
- Social Security numbers
- Treatment and service codes
- Other types of Protected Health Information
- Files of patients who had fallen into arrears on their accounts and were referred to debt collection agencies in 2012
United Health Centers of San Joaquin Valley Lawsuit – Contact Our California Data Breach Lawyers
Have you received notice that your information was stolen due to a data breach incident? If so, you may be entitled to damages or other remedies.
Every day, insurance companies and health care providers lose protected medical information through careless acts, such as emailing third parties’ medical information or sending your personal information to third parties without any encryption or protection.
Our attorneys at Potter Handy, LLP have been instrumental in protecting privacy rights.