Tribal Health Clinics in California Report Patient Data Exposure

 


Patients receiving care at several tribal healthcare clinics in California have been warned that a cyber incident led to the exposure of both personal identification details and private medical information. The clinics are operated by a regional health organization that runs multiple facilities across the Sierra Foothills and primarily serves American Indian communities in that area.

A ransomware group known as Rhysida has publicly claimed responsibility for a cyberattack that took place in November 2025 and affected the MACT Health Board. The organization manages several clinics in the Sierra Foothills region of California that provide healthcare services to Indigenous populations living in nearby communities.

In January, the MACT Health Board informed an unspecified number of patients that their information had been involved in a data breach. The organization stated that the compromised data included several categories of sensitive personal information. This exposed data may include patients’ full names and government-issued Social Security numbers. In addition to identity information, highly confidential medical details were affected. These medical records can include information about treating doctors, medical diagnoses, insurance coverage details, prescribed medications, laboratory and diagnostic test results, stored medical images, and documentation related to ongoing care and treatment.

The cyber incident caused operational disruptions across MACT clinic systems starting on November 20, 2025. During this period, essential digital services became unavailable, including phone communication systems, platforms used to process prescription requests, and scheduling tools used to manage patient appointments. Telephone services were brought back online by December 1. However, as of January 22, some specialized imaging-related services were still not functioning normally, indicating that certain technical systems had not yet fully recovered.

Rhysida later added the MACT Health Board to its online data leak platform and demanded payment in cryptocurrency. The amount requested was eight units of digital currency, which was valued at approximately six hundred sixty-two thousand dollars at the time the demand was reported. To support its claim of responsibility, the group released sample files online, stating that the materials were taken from MACT’s systems. The files shared publicly reportedly included scans of passports and other internal documents.

The MACT Health Board has not confirmed that Rhysida’s claims are accurate. There is also no independent verification that the files published by the group genuinely originated from MACT’s internal systems. At this time, it remains unclear how many individuals received breach notifications, what method was used by the attackers to access MACT’s network, or whether any ransom payment was made. The organization declined to provide further information when questioned.

In its written notification to affected individuals, MACT stated that it experienced an incident that disrupted its information technology operations. The organization reported that an internal investigation found that unauthorized access occurred to certain files stored on its systems during a defined time window between November 12 and November 20, 2025.

The health organization is offering eligible individuals complimentary identity monitoring services. These services are intended to help patients detect possible misuse of personal or financial information following the exposure of sensitive records.

Rhysida is a cybercriminal group that first became active in public reporting in May 2023. The group deploys ransomware designed to both extract sensitive data from victim organizations and prevent access to internal systems by encrypting files. After carrying out an attack, the group demands payment in exchange for deleting stolen data and providing decryption tools that allow victims to regain access to locked systems. Rhysida operates under a ransomware-as-a-service model, in which external partners pay to use its malware and technical infrastructure to carry out attacks and collect ransom payments.

The group has claimed responsibility for more than one hundred confirmed ransomware incidents, along with additional claims that have not been publicly acknowledged by affected organizations. On average, the group’s ransom demands amount to several hundred thousand dollars per incident.

A significant portion of Rhysida’s confirmed attacks have targeted hospitals, clinics, and other healthcare providers. These healthcare-related incidents have resulted in the exposure of millions of sensitive records. Past cases linked to the group include attacks on healthcare organizations in multiple U.S. states, with ransom demands ranging from over one million dollars to several million dollars. In at least one case, the group claimed to have sold stolen data after a breach.

Researchers tracking cybersecurity incidents have recorded more than one hundred confirmed ransomware attacks on hospitals, clinics, and other healthcare providers across the United States in 2025 alone. These attacks collectively led to the exposure of nearly nine million patient records. In a separate incident reported during the same week, another healthcare organization confirmed a 2025 breach that was claimed by a different ransomware group, which demanded a six-figure ransom payment.

Ransomware attacks against healthcare organizations often involve both data theft and system disruption. Such incidents can disable critical medical systems, interfere with patient care, and create risks to patient safety and privacy. When hospitals and clinics lose access to digital systems, staff may be forced to rely on manual processes, delay or cancel appointments, and redirect patients to other facilities until systems are restored. These disruptions can increase operational strain and place patients and healthcare workers at heightened risk.

The MACT Health Board is named after the five California counties it serves: Mariposa, Amador, Alpine, Calaveras, and Tuolumne. The organization operates approximately a dozen healthcare facilities that primarily serve American Indian communities in the region. These clinics provide a range of services, including general medical care, dental treatment, behavioral health support, vision and eye care, and chiropractic services.


California Privacy Regulator Fines Datamasters for Selling Sensitive Consumer Data Without Registration

 

The California Privacy Protection Agency (CalPrivacy) has taken enforcement action against Datamasters, a marketing firm operated by Rickenbacher Data LLC, for unlawfully selling sensitive personal and health-related data without registering as a data broker. The Texas-based company was found to have bought and resold information belonging to millions of individuals, including Californians, in violation of the California Delete Act. 

Under the Delete Act, companies engaged in buying or selling consumer data are required to register annually as data brokers by January 31. Beginning in 2026, the law will also enable consumers to use a centralized online tool known as the Delete Request and Opt-out Platform (DROP), which allows individuals to request the deletion of their personal information from all registered data brokers at once. 

CalPrivacy imposed a $45,000 fine on Datamasters for failing to register within the required timeframe. Due to the seriousness and continued nature of the violations, the agency also prohibited the company from selling personal information related to Californians. According to the regulator’s final order, Datamasters continued operating as an unregistered data broker despite repeated efforts by the agency to bring it into compliance. 

The investigation found that Datamasters purchased and resold data linked to people with specific medical conditions, including Alzheimer’s disease, drug addiction, and bladder incontinence, primarily for targeted advertising purposes. In addition to health data, the company traded consumer lists categorized by age and perceived race, marketing products such as “Senior Lists” and “Hispanic Lists.” The datasets also included information tied to political views, grocery shopping behavior, banking activity, and health-related purchases.  

The scope of the data involved was extensive, reportedly consisting of hundreds of millions of records containing names, email addresses, physical addresses, and phone numbers. CalPrivacy identified the nature and scale of the data processing as a significant risk to consumer privacy, particularly given the sensitive characteristics associated with many of the records. 

An aggravating factor in the case was Datamasters’ response to regulatory scrutiny. The company initially claimed it did not conduct business in California or handle data belonging to Californians. When confronted with evidence to the contrary, it later acknowledged processing such data and asserted that it manually screened datasets, a claim regulators found unconvincing. The agency noted that Datamasters resisted compliance efforts while continuing its data brokerage activities. 

As part of the enforcement order, signed on December 12, Datamasters was instructed to delete all previously acquired personal information related to Californians by the end of December. The company must also delete any California-related data it may receive in the future within 24 hours. Additionally, Datamasters is required to maintain compliance safeguards for five years and submit a report detailing its privacy practices after one year. 

In a separate action, CalPrivacy fined S&P Global Inc. $62,600 for failing to register as a data broker for 2024 by the January 31, 2025 deadline. The agency noted that the lapse, which lasted 313 days, was due to an administrative error and that the company acted promptly to correct the issue once identified.

CA Delete Act: Empowering Data Privacy

Governor Gavin Newsom has enacted the California Delete Act, marking a historic step for data privacy. This law represented a big step towards giving people more control over their personal information and was passed with resounding support from the state government.

The CA Delete Act, also known as Assembly Bill 375, is set to revolutionize the way businesses handle consumer data. It grants Californians the right to request the deletion of their personal information from company databases, putting the power back in the hands of the individual.

The bill's passage is being hailed as a major win for privacy advocates. It signals a shift towards a more consumer-centric approach to data handling. According to Governor Newsom, this legislation represents a critical move towards "putting consumers in the driver’s seat when it comes to their own data."

One of the key provisions of the CA Delete Act is the requirement for businesses to conspicuously display an opt-out option on their websites, allowing users to easily request the deletion of their data. This transparency ensures that consumers are fully aware of their rights and can exercise them effortlessly.

Furthermore, the legislation includes penalties for non-compliance. Businesses that fail to comply with deletion requests within the stipulated timeframe may face fines and other legal consequences. This aspect of the bill emphasizes the seriousness with which California is approaching data privacy.

Industry experts predict that the CA Delete Act could set a precedent for similar legislation on a national and even international scale. As businesses increasingly operate in a globalized digital landscape, the demand for comprehensive data protection measures is becoming paramount.

The significance of the CA Delete Act extends far beyond California's borders. It sends a clear message about the importance of prioritizing individual privacy in the digital age. As Joseph Jerome, a privacy expert, stated, "This law will likely serve as a catalyst for other states to take a harder look at consumer privacy."

Data privacy has advanced significantly thanks to the California Delete Act. Individuals now have the power to manage their personal information, which puts more responsibility and accountability on businesses to be open and honest about how they handle customer data. This historic law is a ray of hope for those defending privacy rights in the digital age, since it could influence comparable laws around the world.


Ransomware Actors' Recent Rhysida Attacks Highlight a Rising Threat on HealthCare Institutions

 

The threat organisation behind the rapidly expanding Rhysida ransomware-as-a-service operation has claimed responsibility for an Aug. 19 attack that disrupted systems at Singing River Health System, one of Mississippi's leading healthcare facilities.

The attack comes on the heels of one in August against California's Prospect Medical Holdings, which affected 16 hospitals and more than 160 clinics across the country. The extensive nature of the incident caused the Health Sector Cybersecurity Coordination Centre to issue a notice to other organisations in the industry. 

Fatal attack

The attack on Singing River impacted three hospitals and ten clinics in the system, and it is expected to solidify Rhysida's reputation as a growing threat to healthcare organisations in the United States. It's also a reminder of the growing interest in the sector from ransomware perpetrators, who pledged early in the COVID-19 outbreak not to target hospitals or other healthcare facilities. 

Check Point Software's threat intelligence group manager, Sergey Shykevich, who is tracking the Rhysida operation, says he can confirm the Rhysida group has disclosed only a small portion of data allegedly belonging to Singing River on its leak disclosure site. 

The gang has stated that it is willing to sell all of the data it has acquired from the healthcare system for 30 Bitcoin, which is approximately $780,000 at today's pricing. "We sell only to one hand, no reselling, you will be the sole owner," the group stated in a Facebook post. 

After debuting in May and quickly establishing itself as a serious threat in the ransomware world, Rhysida—named after a kind of centipede—has gained widespread attention. The group first targeted organisations in the government, managed service provider, education, manufacturing, and technology sectors. The threat group entered the healthcare industry with its attack on Prospect. 

Earlier this year, when looking into a ransomware attack on a university, Check Point first came across Rhysida. The threat actor's tactics, techniques, and procedures were examined by the security vendor, who found similarities between them and the TTPs of Vice Society, another extremely active threat actor that has been focusing on the health and education sectors since at least 2021. 

Lucrative target

The expansion of the Rhysida operation into healthcare shows how significant the sector is to threat actors. Healthcare organisations offer a gold mine of personal identity and health information that individuals with illicit motives can profit from in a variety of ways.

Threat actors are also aware that health organisations are more willing to pay a ransom to bargain their way out of an attack and prevent disruptions that could impair their ability to deliver patient care.

"Attacks on healthcare providers have two main significant implications," Shykevich explained. "The hospital's ability to provide basic services to its patients and [on] the patients' sensitive data. Following such cyberattacks, the data quickly makes its way to Dark Web markets and forums." 

This attack is just one of many ransomware and other incidents that have targeted healthcare organisations this year. The attacks exposed a total of more than 41 million records in the first half of 2023 alone. According to data maintained by the Office for Civil Rights of the US Department of Health and Human Services, the office is now looking into more than 440 incidents that healthcare organisations reported during the first eight months of this year.

Multi-State Cyberattack Disrupts Health Care Services in Multiple States

 


A California organization faced a cyberattack this week that resulted in some services being shut down at affiliated locations and some patients having to rely solely on paper records. The cyberattack disrupted hospital computer systems in several states on Friday; some emergency rooms were closed and ambulances were diverted. Most primary care services remained closed while security experts investigated the extent of the damage.

It was reported Thursday that a "data security incident" had taken place at Prospect Medical Holdings' facilities in this state as well as in Texas, Connecticut, Rhode Island, and Pennsylvania. These facilities are owned and operated by Prospect Medical Holdings, based in Los Angeles. Prospect Medical Holdings is based in Connecticut and operates 16 hospitals and more than 165 clinics and outpatient centres across Connecticut, Pennsylvania, Rhode Island and Southern California. Prospect Medical spokesperson was unable to provide an estimate regarding when services will resume on Saturday. At the moment, there is no indication of the number of sites affected by this system. 

As of now, the company has seven hospitals in California's Los Angeles and Orange counties. Prospect's website says the company has two behavioural health facilities and a 130-bed acute care hospital in Los Angeles. 

Connecticut hospitals, including Manchester Memorial, Rockville General and Thornwood Hospital, closed their emergency departments from Thursday morning to evening. Patients were transferred between nearby facilities. Connecticut's FBI has issued a statement stating that it is working with "all the law enforcement agencies in the state as well as the victims' entities" but was unable to go into further detail regarding the investigation in progress. 

The Eastern Connecticut Health Network, which operates the facilities, announced that elective surgeries, outpatient appointments, blood drives and other services, as well as many primary care services, were closed on Friday, although the emergency departments had reopened late Thursday. The network's website indicates that all patients have been contacted individually.

There were ongoing technical difficulties on Eastern Connecticut Health Network's website on Saturday night, which, among other things, caused the closure of its services like outpatient medical imaging, outpatient blood draw, and others, as it is a part of the Prospect health system. In a report published by the Hartford Courant on Thursday, two hospitals that are part of the network had to divert patients from their emergency rooms.   

As hospitals digitize and upgrade their medical records to cloud-based servers, ransomware is becoming a more common form of attack, including attacks on healthcare systems. The American Hospital Association's cybersecurity adviser, John Riggi, said that cyberattacks on hospitals have become increasingly common over the past few years. 

It has been reported that Waterbury Hospital, in Waterbury, Conn., has been experiencing disruptions throughout the afternoon and evening. Furthermore, the hospital said some of its outpatient imaging, as well as outpatient surgery services, had been unavailable on Friday and Saturday as well. The company said that it will be using paper records from now on. 

On February 24, 2022, One Brooklyn Health, a hospital group that delivers health care to low-income neighbourhoods in New York, was a victim of a cyberattack that forced hospital employees to use paper records to keep track of patient information. The employees at the time of the attack said that they were a little behind on learning the new system, given that most hospitals have been using electronic records since the mid-1990s, and that some diagnostic tests were taking longer to return due to the attack.

NBC reported that CommonSpirit Health, which operates over 140 hospitals and more than 700 care sites across the country, was hit by a cyberattack last year, which resulted in cancelled surgeries, cancelled doctor's appointments, and other delays in the delivery of care. In 2020, Russian hackers launched a ransomware attack against United Health Services, which is affiliated with over 400 hospitals, making it one of the largest attacks of its kind in history.

The incident clearly illustrates the vulnerability of healthcare systems to cyberattacks, with critical services disrupted across several states. The reliance on paper records is an indication of the urgent need for robust cybersecurity measures.

As a result of the outbreak of the pandemic, the healthcare sector has been exposed to an increased level of cyber threats. Keeping the data of our patients secure and ensuring the uninterrupted delivery of care in a world that is becoming more interconnected is a vital task of healthcare providers and technology partners working together.

California's Consumer Privacy Act has Been Updated

 

California's unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that voters endorsed in 2020. A new privacy law that places new requirements on companies to make sure that employees have more authority over the gathering and use of their personal data takes effect this year.

What does California's Consumer Privacy Act imply?

In June 2018, Governor Brown signed the California Consumer Privacy Act (CCPA) into law. A ground-breaking piece of legislation, it imposes requirements on California businesses regarding how they acquire, use, or disclose Californians' data and gives the people of California a set of data rights equal to those found in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Residents of California can ask for their data to be updated, destroyed, or not sold as a result. These standards now also apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure in place to deal with customer data, attorney Darcey Groden noted that the employment connection is significantly more complex. In the job situation, there is just a lot of data that is continually being collected.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies that have many employees and gather a lot of data, like gig platforms, could also be significantly impacted. They normally do not have a privacy department, so this is quite new to them. More transparency may lead to increased accountability around how some platforms use worker data to design their algorithms.




State Bar of California's Confidential Details Leaked by a Website

 

The State Bar of California is investigating a data breach after learning that a site is publishing sensitive information about 260,000 attorney discipline cases pertaining to California and other jurisdictions. State Bar officials learned of the posted records on Saturday night, Feb 24. The sensitive details posted on the site judyrecords.com include case numbers, information about various cases and their statuses, respondents, file dates, and witness names that were removed.

State Bar executive Leah Wilson in a statement said that the bar apologizes for the site's unauthorized display of personal data. The bar takes full responsibility for protecting confidential data with sincerity, and it is currently doing everything it can to resolve the issue quickly and protect respondents from further attacks. 

According to officials, full case records were not leaked, and they do not know whether the published information was the result of a hacking attack. Judyrecords.com is a site that covers court case records nationwide.

The State Bar website lets the public search for case details, but the attorney discipline case details published by judyrecords.com are not meant for public access. The information was stored in the State Bar's Odyssey case management system, which is provided by vendor Tyler Technologies.

Under the California Business and Professions Code, disciplinary investigations are confidential until the filing of formal charges. Following the data breach, the State Bar notified law enforcement and asked forensic expert teams to investigate the issue. Tyler Technologies is currently assisting in the inquiry.

Besides this, the state bar also asked the hosting provider of the website to take down the published information. Judyrecords website says, "Judyrecords is a 100% free nationwide search engine that lets you instantly search hundreds of millions of United States court cases and lawsuits. Judy records have over 100x more cases than Google Scholar and 10x more cases than PACER, the official case management system of the United States federal judiciary. As of Dec 2021, Judy records now features the free full-text search of all United States patents from 1/1/1976 to 11/10/2021 — over 7.9 million patents in total."