Regal Medical Group, one of the largest healthcare networks in Southern California, has announced that it was the victim of a ransomware cyberattack that potentially resulted in the personal information of its patients being compromised. 

How did Regal Medical Group data breach happen? 

The data breach occurred on or around December 1^st of last year. On December 2^nd, after Regal employees began having difficulty accessing some of its servers, an extensive review of the situation took place. On December 8^th, after malware was detected on its servers, Regal realized that it had been the victim of a cyberattack. Shortly after, Regal hired third-party vendors to help assist with its response to the incident, restore access to its systems, and analyze exactly what data the attacker accessed. 

What data was accessed in Regal Medical Group data breach? 

Unfortunately, according to Regal Medical Group, patients affected by the breach may have had the following categories of data compromised, among others: 

• Name 
• Social Security number 
• Address 
• Date of birth 
• Diagnosis and treatment 
• Laboratory test results 
• Prescription data 
• Radiology reports 
• Health plan member number 
• Phone number 

Notifying those affected 

Regal Medical Group recently began sending letters to people who may have been affected by the breach in the mail. Many people have received this letter and thought that it may be some type of Regal Medical Group scam or Regal Medical Group data breach scam. However, the letter is unfortunately legitimate. 

The letter, along with this post on the Regal Medical Group website outlines the steps those potentially affected by the breach should take to protect their information and identity. Additionally, there is information about how potentially impacted individuals can receive free credit monitoring for one year. 

Be on the lookout 

If you believe that your data may have been compromised in the recent Regal Medical Group breach, here are some things to look out for: 

• Correspondence that seemingly comes from the Social Security Administration, the IRS, or any government agency or financial institution asking you to supply additional information or stating that you owe money. 
• Be very suspicious of any requests or alerts (via email, text, or over the phone) relating to something you have no knowledge of. For example, an email stating there was an attempt to log in to one of your online accounts, or somebody asking you to give them access to your computer. 
• Packages showing up on your doorstep that you didn’t order. 

We can’t list all the signs of every type of scam criminals may commit using leaked data, so if you believe you may be a victim, please be extra cautious. 

Leaked data on the dark web 

The unfortunate reality is that stolen/leaked data will often end up on underground internet forums or the dark web — where it can be sold and shared among cybercriminals. If you would like a way to check if your personal data — email addresses, bank account numbers, Social Security number, passport number, and more — have been leaked online, consider checking out Trend Micro ID Security. 

Trend Micro ID Security will scan the internet and the dark web 24/7 for your data so if it’s ever leaked, you’ll know about it! Click the button below to learn more and claim your  30-day free trial today.