Pacific Pulmonary Medical reports data breach by Everest Team ransomware gang
Learn More
The Pacific Pulmonary Medical Group in California (PPMG) is reporting a data breach exposing sensitive information. The attack is claimed by the Everest Team ransomware group which posted listed PPMG on their dark web leak site.
The exposed data spans from late 2021 through October 4, 2024, suggesting the data exfiltration occurred on or around October 4, 2024.
The compromised data was found in two distinct formats:
- Over 150 image files containing:
- Patient insurance cards (front and back)
- Driver's licenses
- CSV files containing bi-weekly patient records including:
- Patient names and addresses
- Work, home, and cell phone numbers
- Social Security numbers
- Dates of birth
- Email addresses
- Smoking status
- Gender, race, and ethnicity
- Emergency contact information
- Patient ID numbers
- Service dates
- Check-in staff information
- Appointment purposes
- Referring physician details
- Primary care doctor information
- Health insurance account details
- Billing information
Each bi-weekly CSV file contained approximately 300-500 patient visit records. While the exact number of unique patients affected has not been determined due to potential duplicate visits, simple math of about 4 years of visits brings us to about 35,000 expoed individuals.
PPMG has not commented on the claims, and there is no notification has been posted on PPMG's website nor a breach report appears on the HHS public breach tool.
