SAN DIEGO (KGTV) — Palomar Health Medical Group is disclosing information that may have been compromised in a cyberattack that disrupted the organization’s day-to-day operations.
It’s a lengthy list that includes patients’ names, addresses, Social Security numbers, medical histories and prescription information.
Late Wednesday night, ahead of the Fourth of July holiday, a marketing company representing Palomar said in an email that an “unauthorized individual” may have accessed and copied certain files on the Palomar network between April 23 and May 5.
According to a statement from InnoVision Marketing Group, the incident may have rendered certain files unrecoverable.
“They are silent”
Since the attack, patients have told Team 10 they have been unable to refill prescriptions or make doctor appointments, doctors have had limited access to patient records, and phone lines and computer systems remain down.
“I wish they’d let us know,” said Patricia Ryan, a patient at Palomar Hospital who said she nearly ran out of blood pressure medication last month after failing to get refills.
Ryan said he was unaware of the list of potentially leaked information until he received a call from Team 10 on Thursday.
The list includes disability and diagnosis information, health insurance details, emails, credit and debit card numbers, PINs and passwords.
“We haven’t heard anything. They’ve been silent,” Ryan said.
Notify law enforcement
In a statement sent by Innovision, Palomar said it takes the confidentiality, privacy and security of the information under its control very seriously.
“Upon discovery of the incident, PHMG launched a thorough investigation to determine the nature and scope of the incident and what information was affected, and took immediate steps to ensure the security of our network environment,” the statement said. “PHMG has also notified law enforcement agencies and will continue to evaluate our policies and procedures related to data privacy and security.”
Palomar said it urges patients to remain vigilant against identity theft and fraud, and encourages customers to review their bank and credit card statements and report any suspicious activity.
Customers with questions about the incident can call 888-829-5736, Monday through Friday, 9 a.m. to 9 p.m.
Related article: