Data breach at AltaMed Health Services compromised patient data

California-based AltaMed Health Services suffered a serious data breach that exposed patients’ names and other personal identifiers to unauthorised third parties.

 

The Los Angeles-headquartered healthcare company said in a recently-published data security incident notice that it suffered a cyber security incident on December 14 that limited access to certain systems but did not impact patient care or other operations.

 

Upon learning about the incident, AltaMed Health Services took steps to secure its systems and contain the incident, initiated incident response protocols, notified law enforcement agencies, and engaged cyber security experts to assist with the investigation.

 

The healthcare organisation is yet to complete its investigation into the incident, but said that an unauthorised individual was able to gain access to some patient information, including patients’ names, dates of service and payment information.

 

AltaMed Health Services is one of the United States’ largest community health networks, providing comprehensive health care services to Los Angeles and Orange counties, and primary medical, dental, and senior care at over 40 locations in southern California. Founded in 1969, the healthcare non-profit has between 5,000 and 10,000 employees.

 

"We remain committed to protecting the confidentiality and security of information in our care, and we sincerely regret any concern this may cause," AltaMed said. "We encourage patients to review statements they receive related to their healthcare. If they identify charges for services they did not receive, they should contact the healthcare entity or health insurer immediately.

 

"We take this matter very seriously. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems," the non-profit added.

 

AltaMed did not disclose how many patients were affected or whether it had received a ransom note from the attacker. It has, however, launched a dedicated toll-free helpline to answer any questions about the incident.

 

The cyber attack on AltaMed Health occurred not long after the healthcare non-profit suffered a major cyber attack in August 2024 that compromised sensitive personal and healthcare information of patients, including their dates of birth, social security numbers and personal contact information.

 

AltaMed then said that hackers gained access to an internal email account between August 5 and August 9, 2024, and exfiltrated patient information such as medical billing information, medical history, treatment information, details of prescriptions, vaccinations and insurance, and usernames and passwords. 

 

"AltaMed takes the confidentiality, privacy, and security of information in its care very seriously. Upon learning of the event, we immediately commenced an investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security," the firm said.