Yuma Regional Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In April 2022, Yuma Regional Medical Center (YRMC) in Arizona experienced a significant ransomware attack that compromised the protected health information (PHI) of approximately 737,448 current and former patients. The cyberattack was detected on April 25, 2022, and it was determined that unauthorized access to YRMC’s systems occurred between April 21 and April 25, 2022. During this period, attackers exfiltrated a subset of files containing sensitive patient information, including names, Social Security numbers, health insurance information, and limited medical information. However, YRMC’s electronic medical record system was not accessed during the attack[1][4][8].
YRMC took immediate action to contain the attack by taking affected systems offline and notifying law enforcement and a third-party computer forensics firm to assist with the investigation. Despite the cyberattack, YRMC’s facilities remained operational, utilizing backup processes and downtime procedures, although some services experienced delays[1][4].
In response to the breach, YRMC has taken steps to enhance its security measures to prevent future attacks. Affected individuals were notified of the breach and offered complimentary credit monitoring and identity theft protection services. It remains unclear if a ransom was paid, and no specific ransomware threat group has claimed responsibility for the attack[1].
The incident has led to legal actions against YRMC. A class action lawsuit was filed, alleging that YRMC failed to adequately protect patients’ PHI and did not comply with industry-standard practices for securing such information. The lawsuit accuses YRMC of using outdated and insecure computer systems and software, and failing to implement sufficient security measures. Plaintiffs in the lawsuit are seeking damages for the lost or diminished value of their PHI, costs associated with identity theft prevention, detection, and recovery, lost opportunity costs, and emotional distress[2].
This ransomware attack on YRMC is part of a larger trend of increasing healthcare breaches in 2022, highlighting the ongoing cybersecurity challenges faced by the healthcare industry[9].
Citations:
- https://www.hipaajournal.com/700000-patients-affected-by-yuma-regional-medical-center-ransomware-attack/
- https://www.lawow.org/johnson-v-yuma-regional-medical-center-2022-06-22
- https://kffhealthnews.org/news/hospital-penalties/
- https://healthitsecurity.com/news/yuma-regional-medical-center-experiences-ransomware-attack
- https://ktar.com/story/5545316/two-critically-injured-as-pickup-truck-crashes-into-yuma-border-patrol-station/
- https://www.scmagazine.com/analysis/ransomware-attack-on-yuma-regional-medical-leads-to-data-theft-for-700k-patients
- https://ryortho.com/2023/04/remarkable-orthopedic-surgeon-leader-and-mentor-ram-krishna-dies-at-77/
- https://therecord.media/arizona-hospital-says-ssns-of-700000-people-leaked-during-april-ransomware-attack
- https://www.techtarget.com/searchsecurity/news/252521771/Healthcare-breaches-on-the-rise
- https://www.thelyonfirm.com/blog/yuma-regional-medical-center-data-breach/
- https://www.classaction.org/news/yuma-regional-medical-center-hit-with-class-action-over-april-2022-data-breach
- https://kyma.com/news/top-stories/2022/06/10/700k-yrmc-patients-impacted-by-data-leak/
- https://www.govinfosecurity.com/medical-center-ransomware-attack-affects-700000-a-19337