- The San Andreas Regional Center has suffered a ransomware attack that resulted in a data breach.
- The organization is now offering one year of identity fraud protection services to the exposed beneficiaries.
- The types of data that have been exfiltrated by the ransomware actors are extensive and very sensitive.
The San Andreas Regional Center, a non-profit organization that offers specialized care services to people in need in California, is sending notices of a data breach to its patients, informing them that their sensitive personal details may have been compromised. According to the details given in the notice, the incident took place on July 5, 2021, when the organization's systems were locked down due to a ransomware attack. Unfortunately, the actors exfiltrated patient records from the systems before they encrypted the local copies to engage in double-extortion.
The organization immediately engaged outside counsel and a third-party forensic expert, and the systems and operations were restored and properly secured, but the problem of the data breach remained. The internal investigation, which concluded on August 2, 2021, revealed that the following details were exfiltrated by the ransomware actors:
- Full name
- Physical address
- Email address
- Telephone number
- Social Security number
- Date of birth
- Health insurance information
- Health plan beneficiary number
- Full-face photos
- Unique identifying number
- Medical information
- Diagnosis details
- Disability codes
- Certificate/license numbers
That is, unfortunately, a lot, and it opens up a very wide spectrum of potential for abuse. To help these people defend against crooks and scammers, the San Andreas Regional Center is offering a one-year membership with Kroll that provides free credit monitoring, identity theft insurance, and identity theft restoration services. If you have received the notice, you should follow the instructions to enroll in Kroll’s services as soon as possible. The final deadline for this is November 30, 2021.
We have searched around and couldn’t find any publicly available leaks that appear to be the result of the attack, so this set is either still being used for extortion or has been sold privately. Whatever has happened to the stolen data, it is important that the exposed individuals remain vigilant and expect phishing or scam attempts by email, SMS, or even postal mail. Social engineering is also quite possible, as the leaked data set is very comprehensive.