Centrelake Medical Group notifies patients after virus investigation reveals earlier intrusion and suspicious activity

Updated April 25:  This incident was reported to HHS as impacting 197,661 patients.

Original post:

Here’s their press release. The release does not explain how the attacker(s) first gained access to certain servers in January. Was the  infection intended to cover up the earlier activity? It’s not clear to me. Nor does the press release indicate how many patients are being notified.  Update:  HealthData Management subsequently reported that executives at Centrelake say that the virus was not ransomware, but did deny them access to data.

April 16, 2019 /PRNewswire/ — Centrelake Medical Group, Inc. (“Centrelake”) is taking action after it recently became aware that there was an incident in which an unknown third party may have gained access to the data in its practice. Although there is no indication of actual or attempted misuse of patient information, Centrelake is notifying patients whose records may have been subject to unauthorized access and providing these patients with information and resources that can be used to better protect against the possibility of identity theft or fraud if they feel it is appropriate to do so.

Centrelake takes this incident, and patient privacy, very seriously, and is taking steps to help prevent another incident of this kind from happening by continuing to review its processes, policies, and procedures that address data privacy.

To better assist those who may potentially have been affected by this event, Centrelake has established a toll-free privacy line staffed with individuals familiar with this incident and how to better protect against the possibility of identity theft and fraud, and you can direct all questions and concerns to this line by calling 1-866-736-0792 between 8:00 a.m. and 5:30 p.m. PDT, Monday through Friday, excluding major holidays.

What Happened

On February 19, 2019, Centrelake discovered its information system had been infected with a virus that prohibited its access to its files.  Centrelake immediately worked to restore its information system and launched an investigation, with the assistance of third-party forensics, to determine the nature and scope of the incident.  As part of Centrelake’s ongoing investigation, it determined this virus was introduced by an unknown third-party that had access to certain servers on its information system which contain personal and protected health information relating to current and former Centrelake patients. After a review of available forensic evidence, Centrelake determined that suspicious activity began on its network on January 9, 2019, lasting until the virus infection on February 19, 2019.

Information Affected

While the investigation is ongoing, and there is no evidence the unknown third-party viewed or took patient information stored on the systems, it has been confirmed that the impacted servers housed files and software applications containing information which may include patients’ names, addresses, phone numbers, Social Security numbers, services performed and diagnosis information, driver’s license information, health insurance information, referring provider information, medical record number, and dates of service.


Centrelake is providing notification to impacted patients and business partners and providing notification to required regulators about this incident.

Fraud Prevention Tips

Centrelake encourages affected individuals to remain vigilant against incidents of identity theft and fraud and to seek to protect against possible identity theft or other financial loss by regularly reviewing their financial account statements, credit reports, and explanations of benefits for suspicious activity. Anyone with questions regarding how to best protect themselves from potential harm resulting from this incident, including how to receive a free copy of one’s credit report, and place a fraud alert or security freeze on one’s credit file, is encouraged to call 1-866-736-0792 between 8:00 a.m. and 5:30 p.m. PDT, Monday through Friday, excluding major holidays.

SOURCE Centrelake Medical Group, Inc.

About the author: Dissent

Comments are closed.