Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients.
Based on the current YRMC report, the attack was detected on April 25, 2022, which affected a number of its IT systems. YRMC mentioned prompt action was done to control the attack. Systems were shut down to stop further unauthorized access. YRMC notified law enforcement, and a third-party computer forensics company assisted with the investigation to determine the nature and scope of the attack. The investigation affirmed that the attackers acquired access to its systems between April 21 and April 25, 2022, and, prior to encrypting files, a section of files was taken from its systems.
YRMC stated that together with security experts, they are bringing its systems back online as soon as possible. All through the attack, its facilities were open and used programmed backup processes and downtime methods. There were some delays to selected healthcare services; nevertheless, the majority of appointed services carried on as planned.
Breach notification letters were recently sent to impacted people. YRMC mentioned the files extracted from its systems comprised names, health insurance details, Social Security numbers, and some medical data. YRMC reported its electronic medical record system was not accessed. The affected persons were present and previous patients in Yuma County or people working in Yuma County on a short-term or seasonal basis.
YRMC already took steps to enhance security to avert further attacks. It offered the impacted persons complimentary credit monitoring and identity theft protection services. Usually, ransomware attacks frequently bring about the exposure of stolen data when the ransom is not paid. It is uncertain in this situation that if payment was made, the ransomware threat group seems to have claimed accountability for the ransomware attack.