Palomar Health Medical Group patients aren’t the only ones affected by a cybersecurity incident that was identified about two months ago. An employee contacted NBC 7 Responds, explaining that it was difficult to meet patients’ needs after the incident forced the medical group to shut down its phone and computer systems around May 5.
The medical group sent out a notice Wednesday saying an incident “may have impacted the privacy of information relating to certain individuals.”
“The investigation is ongoing, but it has revealed that an unauthorized actor gained access to certain files within PHMG’s network from April 23, 2024 to May 5, 2024 and may have copied those files. Additionally, this incident may have rendered some files unrecoverable. However, PHMG is continuing its efforts to restore all files and identify specific individuals and information that may have been affected so that it can provide an individualized advisory with additional information when its investigation is complete,” the medical group said in its advisory, in part.
The notice comes as the deadline for a federal data breach requirement approaches. The rule says health systems have 60 days from the discovery of a breach to notify patients, the media and the government of what information may have been compromised and what steps have been taken to address the problem.
PHMG says it cannot yet identify who and what information was affected or confirm whether there was any misuse of the information.
As the investigation continues, patients have told NBC 7 they are having trouble booking appointments, getting test results and getting prescription refills. An internal email sent to employees a few weeks ago estimated that 85% of systems would be back up and running by July 1. That hasn’t been the case, according to people NBC 7 spoke with.
NBC 7 reached out to the medical group this week and sent an email with the following statement: “Palomar Health Medical Group is working diligently to be fully operational by mid-July. We value our patients and appreciate their understanding and patience as we respond to this incident.”
The employee NBC 7 spoke to declined to be identified for fear of backlash. But she said some remote workers were unable to do their jobs because of the systems outage and had their hours reduced, forcing them to apply for unemployment benefits. There has also been a change in leadership. An email to employees in early June announced that the CEO and the medical group “have mutually decided to part ways.”
Another email, sent the same day, warned employees that they would be switching to a new health insurance plan effective July 1.
PHMG did not respond to any of NBC 7’s questions about these changes.
NBC 7 and Telemundo 20 Responds’ Sergio Flores has been demanding answers since the incident happened seven weeks ago.
