Tri-City Healthcare says 2023 data breach impacted over 100,000 patients

Oceanside, California-based public hospital Tri-City Healthcare District said it experienced a data security incident that compromised the sensitive personal information of more than 108,000 individuals.

 

In a data breach notice filed with the Office of Maine Attorney General, Tri-City said that on November 9, 2023, it detected unusual activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The hospital said it also notified relevant law enforcement agencies, including the FBI and U.S. Department of Homeland Security, about the security incident.

 

“The investigation revealed that an unknown actor gained access to and obtained certain data from the Tri-City network on or about November 8, 2023,” the hospital said. “Tri-City then worked with additional experts to conduct a comprehensive review of the impacted data to determine what personal information was involved.

“On or about September 27, 2024, we learned that your personal information was impacted in connection with this incident,” it added.

 

According to the hospital’s regulatory filing, the compromised data included names and other personal identifiers including Social Security Numbers. Its filing with the Maine state regulator also revealed that at least 108,149 individuals were impacted by the incident.

 

Tri-City added that it has already taken steps to secure the affected network and has applied additional security measures to avoid such incidents in the future.

 

The hospital has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

While Tri-City did not say who was behind the cyber attack, on December 7, 2023, the INC Ransom ransomware group claimed responsibility for the cyber attack on the hospital and listed it as a victim on its data leak site. It is unclear whether the hospital paid a ransom to regain access to the stolen data records.