Hackers claim to have exfiltrated 17 million patient records in a ransomware attack on PIH Health.
PIH Health, a Californian healthcare provider, is dealing with the fallout of a ransomware attack that occurred on December 1, 2024. The attackers claim to have stolen 17 million patient records, alongside other sensitive data, before encrypting the organization’s files. A ransom note, reportedly faxed to PIH Health, alleges that approximately 2 terabytes of data were exfiltrated in the breach.
The stolen information is said to include patient home addresses, cancer treatment records, private emails containing test results, confidentiality agreements with employees, and over 100 active nondisclosure agreements with other medical organizations. A link to screenshots of the stolen data was allegedly provided in the ransom note. PIH Health has yet to verify these claims.
The attack has disrupted PIH Health’s operations. Systems were taken offline, and phone lines at two of its hospitals were rerouted to its Good Samaritan Hospital in Los Angeles to ensure communication continuity. Staff have reverted to manual data recording as they continue to provide care, but this has created additional workload and delays for patients.
As of December 13, PIH Health had updated its website FAQ but could not provide an estimated timeline for system restoration. Local police and the Federal Bureau of Investigation (FBI) are involved in the investigation.
PIH Health’s public statement confirmed its collaboration with law enforcement and cyber forensic specialists, stating, “PIH Health is doing everything possible to rectify the situation.” The healthcare provider reassured the public that patient care remains its priority, despite operational disruptions.
The Southern California News Group indicated that the hackers may be exaggerating the scale of the data theft. Even if 17 million records were stolen, there may be duplicates within the dataset, which is common in breaches of this magnitude.
If the claims of 17 million compromised patient records are accurate, this would rank as the second largest healthcare data breach of 2024, following the 100-million-record breach at Change Healthcare earlier this year.
The disruption at PIH Health demonstrates the operational challenges that follow ransomware attacks, especially when essential systems are taken offline. As healthcare organizations continue to manage large amounts of sensitive data, security measures and timely incident response remain necessary to safeguard patient trust and minimize the impact of such breaches.
Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid. Attackers often encrypt files and demand payment, usually in cryptocurrency, in exchange for a decryption key.
Ransomware can spread through phishing emails, malicious attachments, compromised websites, or vulnerabilities in outdated software. Once inside a system, it can quickly encrypt data and spread across networks.
Exfiltration refers to the unauthorized transfer of data from a system or network. In ransomware attacks, exfiltrated data is often used to increase leverage by threatening public exposure or sale on dark web marketplaces.
Healthcare breaches can result in identity theft, privacy violations, disrupted medical services, regulatory fines, lawsuits, and damage to an organization’s reputation. Patients may also face delayed care and concerns over the misuse of their personal information.