The California healthcare provider, United Health Centers of San Joaquin Valley, has reported a ransomware attack that may impact thousands of former and current patients. United Health Centers operates over 20 community health centers in Fresno, Kings, and Tulare counties.
The Vice Society ransomware gang is thought to be responsible for the hack, and has been known to target healthcare entities in the past. The gang is known for exfiltrating data from IT systems prior to the use of ransomware to encrypt certain files. Personal data can then be published on its site to pressure victims into paying a ransom.
The United Health Centers cyberattack has yet to appear on the HHS’ Office for Civil Rights Breach Portal or the website of the California Attorney General and United Health Centers has not published any official data breach notification on its website. Under HIPAA regulations, entities have 60 days to issue data breach notifications.
Some of the United Health Centers data already allegedly leaked contains patients’ protected health information (PHI) as well as names, dates of birth, insurance information, dates of service, Social Security numbers, diagnosis information, and other types of personal data.
The Lyon Firm is investigating the United Health Centers data breach and is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.
