Palomar Health Medical Group is reporting potential cyberattack
Learn More
The Palomar Health Medical Group (PHMG) is reporting an incident involving "suspicious activity" detected on certain computer systems within its network. Palomar Health Medical Group (PHMG) operates as the outpatient arm of the Palomar Health integrated healthcare system, primarily serving the northern San Diego County area.
This event was first observed on May 5. PHMG took the affected systems offline to mitigate the spread of potential malware and initiated an investigation.
PHMG's phone lines, fax services, and patient portal functionalities have been disrupted. Patients needing new prescriptions or refills have been advised to visit their doctor’s offices in person.
Despite technical challenges, PHMG assures that medical appointments continue, albeit with possible delays. Some patients experienced appointment delays of several hours, and medical staff resorted to handwritten notes.
The incident has been localized to specific components of the PHMG network; the broader Palomar Health Healthcare District, including facilities like Palomar Medical Center Poway and Palomar Medical Center Escondido, remains unaffected.
PHMG has engaged third-party specialists to help determine the source of the disruption, assess its impact on PHMG's systems, and restore full system functionality.
The exact nature of the attack, types of potentially exposed data, and number of affected individuals if any, have not yet been disclosed.
Update - as of July 2024, Palomar Health Medical Group informed its patients that a wide range of personal information might have been compromised in the breach. Potentially compromised information includes:
- Name
- Address
- Date of birth
- Social Security number
- Medical history information
- Disability information
- Diagnostic information
- Treatment information
- Prescription information
- Physician information
- Medical record number
- Health insurance information (including subscriber number and group/plan number)
- Credit/debit card details (including security code/PIN and expiration date)
- Email address and password
- Username and password
Palomar Health and its affiliate, Graybill Medical, are continuing efforts to restore files and identify those affected to provide individualized notices with more detailed information.
