By Jeff Wardon, Jr., Assistant Editor

Palomar Health Medical Group (PHMG) has restored some functions of its systems following a cyberattack this past May.  

In May, PHMG detected unusual activity on specific computer systems within its network, prompting an internal investigation.  It was revealed that an unauthorized individual accessed certain files within PHMG's network between April 23, 2024, and May 5, 2024, and may have copied those files. Some of those files may have become unrecoverable. PHMG has not yet disclosed the nature of the attack, whether it was a ransomware attack or something else. 

Related: Healthcare Cyber Incidents by the Numbers

Two months have passed since the initial cyberattack, causing significant downtime and high costs for the medical group. According to Statista, the average number of days spent in downtime in 2023 caused by ransomware attacks was about 18.71 days. This can lead to costs other than time being lost, such as protected data being exposed and/or money being spent. 

In fact, The HIPAA Journal reported that nearly 140,000,000 records were exposed in hacking or IT incidents in 2023 alone. As far as monetary costs go, an example of that is the CommonSpirit Health cyberattack, which lost the organization around $160 million, not counting the legal costs it faced following the attack.  

Speaking of legal costs, Norton Healthcare faced a class action lawsuit two months after it suffered a cyberattack in May 2023. Additionally, the Norton Healthcare cyberattack was named the seventh worst in Q4 of 2023 by the Identity Theft Resource Center, with 2.5 million patients affected.   

Jeff Wardon, Jr. is the assistant editor for the facilities market.