A California-based network of nine affiliated physician practices has agreed to pay nearly $50 million to settle consolidated class action litigation involving a December 2022 ransomware and data theft attack that affected more than 3.4 million patients. Plaintiffs claimed their data was leaked on the darkweb. Breach Details The Regal Medical hacking incident ranked as the 10th largest of 746 major health data breaches reported in 2023 to the U.S. Department of Health and Human Services. A breach notice issued by Regal Medical and several of the other affiliated practices in February 2023 said the provider network became aware of the incident on Dec. 8, 2022, after noticing "difficulty" in accessing network servers. "After extensive review, malware was detected on some of our servers, which we later learned resulted in the threat actor accessing and exfiltrating certain data from our systems." The physician network said it worked with third-party vendors to restore access to its systems and analyze the affected data. Information compromised in the incident potentially includes the patient's name, Social Security number, date of birth, address, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number and phone number. Check If Your Account Has Been Compromised in a Data Breach What Does It Mean When an Account Is “Compromised”? When your account is compromised, it means hackers have gained unauthorized access to your personal data — including email, passwords, or even financial information — often through a data breach. How to Check If Your Email Is Compromised Use our data breach check tool antipublic.net to instantly find if your email or password appears in known leak databases or dark web forums.