tri-city data breach

Tri-City Medical Center Data Breach: A Cybersecurity Alert

In a troubling yet increasingly familiar scenario, Tri-City Medical Center (Tri-City) in Oceanside, California, has become the latest victim of a crippling cybersecurity attack.

This brazen breach, which led the hospital to divert ambulance traffic and declare an internal disaster, is a stark reminder of the escalating cyber threats facing healthcare providers nationwide.

The exact nature of the attack remains undisclosed, with Tri-City only referring to the attack thus far as a “cybersecurity challenge.”

The data breach was uncovered by Tri-City staff on November 9. Although there has been no official confirmation Tri-City was subject to a ransomware attack, the effects on hospital operations suggest that is the nature of the “challenge.”

Ransomware, malicious software that extorts payment by holding digital infrastructure hostage, has increasingly targeted healthcare providers.

Disturbingly, a recent study documented 374 ransomware attacks against healthcare organizations from 2016 through 2021, revealing the exposure of over 42 million Americans’ personal health information.

The incident at Tri-City Medical Center is a clarion call for heightened vigilance and robust cybersecurity measures across the healthcare sector. It underscores the need for healthcare providers to fortify their digital defenses and prepare for the inevitability of cyberattacks.

Failure to do so not only jeopardizes patient safety but also inflicts significant financial and operational damages, as evidenced by previous attacks on Scripps Health network and UC San Diego Health.

Next Steps if Your Data May Be at Risk

If you sought medical care at Tri-City Medical Center and are understandably concerned that your personal, financial, and medical information may be at risk, there are immediate steps you can take to help protect your personal information.

  • If you have a username and password associated with an account at Tri-City, consider changing the password.
  • Be on the alert for unauthorized activity in your financial accounts or medical records.
  • Purchase credit monitoring services.
  • Order and review your annual free credit reports from the three major credit bureaus — Experian, TransUnion, and Equifax.
  • Set a “fraud alert” with one of the three major credit bureaus.
  • Implement a “security freeze” on your credit report.
  • Acquire an “identity protection pin” from the IRS.
  • Secure legal representation.

Differentiating Between “Credit Freeze” and “Fraud Alert”

credit freeze is the strongest step you can take to prevent fraudulent accounts from being opened under your name. It restricts credit bureaus from sharing your information with third parties. However, it doesn’t affect your ability to use active credit cards or your credit score, and it costs nothing to implement.

A fraud alert is a warning to potential credit providers that your identity may have been compromised. It lasts between one to seven years and can be lifted anytime. Once placed with one credit bureau, it is automatically implemented with the other two.

Deciphering “Identity Protection PIN”

An Identity Protection PIN (IP PIN), a six-digit number issued by the U.S. Internal Revenue Service, safeguards your Social Security number or Individual Taxpayer Identification Number from fraudulent tax return filings.

An IP PIN is valid for a calendar year and is renewed annually by the IRS for participating accounts.

Californians: Safeguarded by State Laws

If your confidential medical information was disclosed in this cyber-attack, you may be entitled to $1,000 plus actual damages resulting from the negligent release of your confidential information.

California has unique state laws, including the California Confidentiality of Medical Information Act (CMIA), that compensate individuals whose confidential and sensitive data have been accessed by cyber-attackers.

Helping You Navigate Your Rights

Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you should seek compensation under the CMIA.

Tri-City Data Breach Inquiry

Are you a current or former patient or employee of Tri-City Medical?(Required)
Did you receive a data breach notice from Tri-City Medical?(Required)