17 Million Patient Records Compromised in PIH Health Hospitals Data Breach Massive Cybersecurity Breach Emphasizes Medical Data Vulnerability
The PIH Health data breach is a stark reminder of how vulnerable sensitive medical information can be. Affecting 17 million patients, this attack underscores the importance of protecting patient data and seeking legal action if impacted.
The breach occurred on December 1, 2024 through a ransomware attack that paralyzed the network systems of PIH Health affecting three hospitals, PIH Health Downey Hospital, PIH Health Good Samaritan Hospital, and PIH Health Whittier Hospital, as well as urgent care centers and outpatient services.
PIH Health which serves over 3 million residents across Los Angeles and Orange counties, continues to provide health services to patients, finding solutions to the network freeze that has affected phone systems, patient records, prescriptions and more.
According to a Los Angeles Daily article, the hackers sent several letters stating that the PIH network was, “highly vulnerable,” with data stored insecurely on computer servers.”
This data breach emphasizes the vulnerability of medical data.
The number of individuals affected is staggering but even more concerning is the type of sensitive data the cybercriminals may have extracted.
Past and current patients of PIH Health whose sensitive data was compromised may be eligible to pursue a class action lawsuit against PIH Health.
If you are a patient of any of the three hospitals, or other affected PIH facilities, please contact CaseyGerry Class Action Attorneys at (619) 332-4020 to explore your legal options.
What Happened at PIH Health Data Breach?
On December 1, 2024, PIH Health experienced a ransomware attack that led to widespread system outages. The data breach disrupted the major operations of three PIH Health Care facilities, PIH Health Downey Hospital, PIH Health Good Samaritan Hospital, and PIH Health Whittier Hospital, as well as urgent care centers and outpatient services. The system shutdown affected the phone systems, internet access, laboratory records and more.
The cybercriminals notified the company, claiming to have accessed two terabytes of data including personal and medical records for 17 million patients and threatened to release the information on the internet if ransom demands were not met.
What Patient Data Was Compromised in the PIH Health Data Breach?
According to a Whittier Daily News article, the following patient information was compromised:
- Information on over 8 million “medical episodes”
- Patient home addresses
- Patient phone numbers
- Patient places of employment
- Patient medical expenses
- Confidential diagnoses
- Test results
- Patient photos and scans
- Treatment plans
- PIH’s oncology profitability and monthly volumes
- Private emails with patients about their treatment
In addition, about 100 active nondisclosure agreements between PIH and other medical organizations and parties, confidentiality agreements with employees were also breached.
Could the PIH Health Data Breach Have Been Prevented?
On November 30, 2024, hackers sent a letter to PIH Health’s Whittier Hospital’s Emergency Department warning that they had breached the hospital’s systems and accessed sensitive patient data. On December 4, 2024, a second letter was sent and included screenshots of the company’s internal data and further demands. A third letter was sent on December 6, 2024 warning PIH Health of the consequences if the hackers’ demands were not met.
The Los Angeles Daily News published excerpts from the hackers’ letters including the following warning.
“Be informed, there was a Ghost in your network!” “So the ghost has taken your data as evidence, and if you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet.”
PIH Health has been working with the FBI and cyber forensics experts to understand the full extent of the attack and the stolen data. However, patients whose personal and medical information was compromised are now facing the threat of identity theft, fraud, or worse.
The PIH Health data breach is potentially the second largest health data breach in 2024.
What Steps Should I Take If I Suspect My Data Was Compromised?
If you were treated at any of the impacted PIH Health locations, it’s important to take immediate action to protect your personal and financial information:
- Check for notifications and contact the company if you have not received any.
- Closely monitor your financial accounts for suspicious activity.
- Consult legal counsel immediately to explore your options.
Contact CaseyGerry Today
If you are a past or current patient of PIH Health, contact CaseyGerry at (619) 332-4020 today to discuss your case. A class action lawsuit could help you recover damages for any harm caused by this massive breach of sensitive personal and medical information.
Learn more about our Data Breach and Class Action Attorneys.
