The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

700,000 Patients Affected by Yuma Regional Medical Center Ransomware Attack

Posted By on Jun 13, 2022

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information (PHI) of 737,448 current and former patients.

According to the recent YRMC announcement, the attack was detected on April 25, 2022, which affected some of its IT systems. YRMC said immediate action was taken to contain the attack, and systems were taken offline to prevent further unauthorized access. Law enforcement was notified, and a third-party computer forensics firm was engaged to assist with the investigation and determine the nature and scope of the attack. The investigation confirmed that the attackers gained access to its systems between April 21 and April 25, 2022, and, prior to file encryption, a subset of files were exfiltrated from its systems.

YRMC said it is working with security experts to bring its systems back online as quickly as possible. Throughout the attack, its facilities remained open and operated using established backup processes and downtime procedures, which did result in some delays to certain services; however, most scheduled services continued as scheduled.

Notification letters have recently been sent to affected individuals. YRMC said the files exfiltrated from its systems included names, Social Security numbers, health insurance information, and limited medical information. YRMC said its electronic medical record system was not accessed. The affected individuals included current and former patients in Yuma County on individuals working in Yuma County on a short-term or seasonable basis.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Steps have been taken to improve security to prevent further attacks and affected individuals have been offered complimentary credit monitoring and identity theft protection services. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid. It is unclear in this case if payment was made. No ransomware threat group appears to have claimed responsibility for the attack.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist