Tri-City Medical Center in Oceanside, California, faced a significant cybersecurity attack starting November 9, 2023. This attack led to major disruptions, including the diversion of ambulances and the declaration of an internal emergency.
The hospital had to collaborate with San Diego County’s Office of Emergency Services to manage the situation. During this period, the hospital’s electronic health systems were down, and they had to treat non-ambulance patients on a case-by-case basis.
Tri-City Medical Center, which serves the communities of Carlsbad, Oceanside, and Vista, is an acute care hospital with 144 beds. The cyberattack forced them to implement emergency measures. The hospital’s IT systems were down, and emergency room staff had to adapt to these challenges.
The hospital resumed elective surgeries and procedures and began accepting ambulance traffic once systems were restored on November 17, eight days after the attack.
The hospital is still investigating the cyberattack and has not confirmed if patient information was stolen. They hired a public relations firm to handle communications about the attack. The firm stated that the hospital’s primary concern has been the health and wellness of its patients. They also acknowledged the support from first responder agencies and neighboring healthcare facilities during the emergency.
Tri-City Data Breach Leads to Dark Web Leak
Recently, there has been a concerning development in the cyberattack on Tri-City Medical Center. A group known as “INC RANSOM,” identified by a cybersecurity expert, has posted stolen documents from the hospital on the dark web.
This post includes patient authorization forms and financial records, which contain personal information like names and phone numbers. However, it’s not certain if the hackers accessed Tri-City’s more sensitive electronic medical records system, which holds patient progress notes, test results, and medical imaging.
These posts are typically aimed at pressuring the hospital into paying a ransom to prevent further data exposure. In a worrying trend, ransomware groups are now using stolen information as leverage, directly contacting patients and making specific demands.
This breach poses risks of healthcare billing fraud and credit card fraud. Stolen information can be used for fraudulent activities like impersonating a patient for billing or applying for credit cards in victims’ names. People who received care at Tri-City are advised to assume that some of their personal information might have been compromised and to take precautions like freezing their credit to prevent misuse.
The incident at Tri-City Medical Center is a further call for heightened vigilance and robust cybersecurity measures across the healthcare sector. It underscores the need for healthcare providers to fortify their digital defenses and prepare for the inevitability of cyberattacks.
Failure to do so not only jeopardizes patient safety but also inflicts significant financial and operational damage, as evidenced by previous attacks on the Scripps Health network and UC San Diego Health.
Next Steps if Your Data May Be at Risk
If you sought medical care at Tri-City Medical Center and are understandably concerned that your personal, financial, and medical information may be at risk, there are immediate steps you can take to help protect your personal information.
- If you have a username and password associated with an account at Tri-City, consider changing the password.
- Be on the alert for unauthorized activity in your financial accounts or medical records.
- Purchase credit monitoring services.
- Order and review your annual free credit reports from the three major credit bureaus — Experian, TransUnion, and Equifax.
- Set a “fraud alert” with one of the three major credit bureaus.
- Implement a “security freeze” on your credit report.
- Acquire an “Identity Protection PIN” from the IRS.
- Secure legal representation.
Differentiating Between “Credit Freeze” and “Fraud Alert”
A credit freeze is the strongest step you can take to prevent fraudulent accounts from being opened under your name. It restricts credit bureaus from sharing your information with third parties. However, it doesn’t affect your ability to use active credit cards or your credit score, and it costs nothing to implement.
A fraud alert is a warning to potential credit providers that your identity may have been compromised. It lasts between one and seven years and can be lifted anytime. Once placed with one credit bureau, it is automatically implemented with the other two.
Deciphering “Identity Protection PIN”
An Identity Protection PIN (IP PIN), a six-digit number issued by the U.S. Internal Revenue Service, safeguards your Social Security number or Individual Taxpayer Identification Number from fraudulent tax return filings.
An IP PIN is valid for a calendar year and is renewed annually by the IRS for participating accounts.
Californians: Safeguarded by State Laws
If your confidential medical information was disclosed in this cyber-attack, you may be entitled to $1,000 plus actual damages resulting from the negligent release of your confidential information.
California has unique state laws, including the California Confidentiality of Medical Information Act (CMIA), that compensate individuals whose confidential and sensitive data have been accessed by cyber-attackers.
Helping You Navigate Your Rights
Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you should seek compensation under the CMIA.