Regal Medical Group, Inc. Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Regal Medical Group, Inc., Lakeside Medical Organization, ADOC Medical Group, or Greater Covina Medical (collectively, “Regal”), contact the Arnold Law Firm at 916-777-7777
to discuss your legal options, or submit a confidential Case Evaluation form here.

On or about February 1, 2023, Regal sent a Notice of Data Breach Letter (“Breach Letter”) to victims of the Regal data breach informing them that their personal information, Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”), was obtained by hackers during a ransomware attack (“data breach”) that took place on December 1, 2022.

On December 2, 2022, Regal states it “noticed difficulty in accessing some of our servers.” Regal conducted a review, and they determined “malware was detected on some of our servers, which we later learned resulted in the threat actor exfiltrating certain data from our systems.” Regal asserts it became aware of the data breach on December 8, 2022. An investigation determined the data breach took place on December 1, 2022. As a result of the data breach, hackers obtained from victims their name, Social Security number (for some victims), date of birth, address, diagnosis, treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone number.

Regal Medical Group, Inc. is affiliated with Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical. Regal is a regional medical network located throughout California and headquartered in Reseda, California (the Greater Los Angeles area). It employs 2,532 people. Although it is a non-profit, it generates $238 million a year in revenue.

Specific numbers are not yet known, but it is likely tens of thousands of people throughout California (specifically in the Greater Los Angeles area) and possibly throughout the United States were exposed. If you received a Breach Letter from Regal, Lakeside Medical Organization, ADOC Medical Group, or Greater Covina Medical, then you were impacted by the data breach.

Regal has offered to victims of the data breach one year of free credit monitoring from Norton LifeLock Defender Choice with an enrollment deadline of July 31, 2023.

WHAT INFORMATION IS INVOLVED?

According to Regal, the following information was exposed:

• Name
• Social Security number (for some victims)
• Date of birth
• Diagnosis and treatment
• Laboratory test results
• Prescription data
• Radiology reports
• Health plan number
• Phone number

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Health care providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Regal Medical Group, Inc., Lakeside Medical Organization, ADOC Medical Group, or  Greater Covina Medical (collectively, “Regal”), contact the Arnold Law Firm at 916-777-7777
to discuss your legal options, or submit a confidential Case Evaluation form here.