Story updated: July 7, 2024
Palomar Health Medical Group (Palomar Health) has announced that it will soon send out data breach letters because of “suspicious activity” on its computer systems involving its Poway and Escondido facilities.
The healthcare provider, which operates within the Palomar Health Healthcare District, including Palomar Medical Center Poway and Palomar Medical Center Escondido, originally stated that its main hospital facilities have not been affected by this cybersecurity event.
As previously reported, the cyber incident, which was discovered on May 5, 2024, caused significant disruption to Palomar Health’s operations. It led to the temporary shutdown of its phones, faxes, and patient portals, thus hampering routine operations and patient communications.
The information Palomar has provided, however, is vague — it claims it still “is not able to identify the specific individuals and information that may have been impacted.” Palomar has yet to officially file a notice of data breach with the California Attorney General’s office.
However, for the first time it has admitted that patients’ personal and medical information compromised in the breach “could include:
- Name
- Address
- Date of birth
- Social Security number
- Medical history information
- Disability information
- Diagnostic information
- Treatment information
- Prescription information
- Physician information
- Medical record number
- Health insurance information
- Subscriber number
- Health insurance group/plan number
- Credit/debit card number
- Security code/PIN number
- Expiration date
- Email address
- Username
- Password ”
The data breach incident may have included copying files and “may have caused certain files to become unrecoverable.”
Palomar Health claims to have engaged third-party cybersecurity specialists to investigate the source of the disruption and to confirm its impact on their systems.
This most recent incident highlights the ever-present and growing threat of cyberattacks on our healthcare systems, which house sensitive patient data and rely heavily on technology for day-to-day operations. This attack further underscores the importance of strong cybersecurity measures and the need for constant vigilance in the face of such threats.
Class action investigations are underway and at least one class action lawsuit was filed. We will update this story as more details emerge about the Palomar Health cyberattack and the steps being taken to prevent future incidents.
For more detailed information on this developing story, please refer to the original San Diego Union-Tribune and NBC San Diego reports.