Yuma Regional Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In April 2022, Yuma Regional Medical Center (YRMC) in Arizona experienced a significant ransomware attack that compromised the protected health information (PHI) of approximately 737,448 current and former patients. The cyberattack was detected on April 25, 2022, and it was determined that unauthorized access to YRMC’s systems occurred between April 21 and April 25, 2022. During this period, attackers exfiltrated a subset of files containing sensitive patient information, including names, Social Security numbers, health insurance information, and limited medical information. However, YRMC’s electronic medical record system was not accessed during the attack[1][4][8].

YRMC took immediate action to contain the attack by taking affected systems offline and notifying law enforcement and a third-party computer forensics firm to assist with the investigation. Despite the cyberattack, YRMC’s facilities remained operational, utilizing backup processes and downtime procedures, although some services experienced delays[1][4].

In response to the breach, YRMC has taken steps to enhance its security measures to prevent future attacks. Affected individuals were notified of the breach and offered complimentary credit monitoring and identity theft protection services. It remains unclear if a ransom was paid, and no specific ransomware threat group has claimed responsibility for the attack[1].

The incident has led to legal actions against YRMC. A class action lawsuit was filed, alleging that YRMC failed to adequately protect patients’ PHI and did not comply with industry-standard practices for securing such information. The lawsuit accuses YRMC of using outdated and insecure computer systems and software, and failing to implement sufficient security measures. Plaintiffs in the lawsuit are seeking damages for the lost or diminished value of their PHI, costs associated with identity theft prevention, detection, and recovery, lost opportunity costs, and emotional distress[2].

This ransomware attack on YRMC is part of a larger trend of increasing healthcare breaches in 2022, highlighting the ongoing cybersecurity challenges faced by the healthcare industry[9].

Citations:

  1. https://www.hipaajournal.com/700000-patients-affected-by-yuma-regional-medical-center-ransomware-attack/
  2. https://www.lawow.org/johnson-v-yuma-regional-medical-center-2022-06-22
  3. https://kffhealthnews.org/news/hospital-penalties/
  4. https://healthitsecurity.com/news/yuma-regional-medical-center-experiences-ransomware-attack
  5. https://ktar.com/story/5545316/two-critically-injured-as-pickup-truck-crashes-into-yuma-border-patrol-station/
  6. https://www.scmagazine.com/analysis/ransomware-attack-on-yuma-regional-medical-leads-to-data-theft-for-700k-patients
  7. https://ryortho.com/2023/04/remarkable-orthopedic-surgeon-leader-and-mentor-ram-krishna-dies-at-77/
  8. https://therecord.media/arizona-hospital-says-ssns-of-700000-people-leaked-during-april-ransomware-attack
  9. https://www.techtarget.com/searchsecurity/news/252521771/Healthcare-breaches-on-the-rise
  10. https://www.thelyonfirm.com/blog/yuma-regional-medical-center-data-breach/
  11. https://www.classaction.org/news/yuma-regional-medical-center-hit-with-class-action-over-april-2022-data-breach
  12. https://kyma.com/news/top-stories/2022/06/10/700k-yrmc-patients-impacted-by-data-leak/
  13. https://www.govinfosecurity.com/medical-center-ransomware-attack-affects-700000-a-19337
Breach Submission Date Jun 09, 2022
Converted Entity Name Yuma Regional Medical Center
Converted Entity Type Healthcare Provider
State AZ
Individuals Affected 783,145
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes