Healthcare organizations continue to be a popular target for cybercriminals, as evidenced by reports looking back at cyberattacks in 2022.

A study from Critical Insights found nearly 50 million people were affected by healthcare data breaches in 2022, and if you think that figure is large, it’s actually a slight decrease from the 53 million people who had their information compromised in healthcare incidents in 2021.

Healthcare organizations hold a lot of sensitive personal data cybercriminals find very valuable, including names, addresses, Social Security numbers and information tied to patients’ medical diagnoses and prescriptions. 

In this installment of the BlackCloak Thursday Threat Update, we will look at a data breach affecting a series of healthcare organizations in California, as well as another incident involving a popular soft drink company.


California medical group breach affects 3.3 million patients

What we know: Several medical groups within the Heritage Provider Network in California experienced a data breach affecting 3.3 million patients. Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical were impacted by the cyberattack, and compromised data points included patients’ names, dates of birth, addresses, phone numbers, Social Security numbers and other treatment-related data.

Recommendations: In its data breach notification letter, Regal Medical Group is offering one year of credit monitoring free of charge. Due to the sensitive nature of the information exposed, anyone who receives a data breach notification letter, or is a patient of one of the medical groups listed above, should strongly consider placing a credit freeze and fraud alerts on their accounts, even if it’s out of an abundance of caution. Additionally, be cautious of phishing attacks that may come from spam text messages, which cybercriminals send through a tactic known as “smishing.”


Pepsi experiences data breach

What we know: Pepsi Bottling Ventures disclosed it suffered a data breach. In its draft data breach notification letter, Pepsi said the breach occurred on Dec. 23, 2022 and wasn’t discovered until Jan. 10, 2023. At this time, it has not been determined whether the breach affected customers or employees, but exposed data points included names, addresses, financial account information, such as passwords and PINs, Social Security numbers and passport information.

Recommendations: Pepsi is also offering a year of free credit monitoring, and anyone who may be affected by this incident should also consider placing a credit freeze and fraud alert on their accounts. If you believe any passwords may be at risk, take the time to reset any and all passwords tied to your accounts. Ensure that each password is unique, and possess the traits that will make it hard for cybercriminals to crack them.


Don’t let your guard down

Cybercriminals will target just about any organization in any industry if they believe they can get their hands on sensitive information. It’s why you should always stay on top of all the different cyberthreats that exist in the digital ecosystem.

Learn more about how how ransomware attacks work, and how man-in-the-middle attacks operate and the ways you can prevent them from happening.