A ransomware attack in April against a major hospital in Yuma, Arizona led to a massive data breach involving the Social Security Numbers (SSNs) of more than 700,000 patients. The hospital is now sending breach notification letters to people at risk and has posted a security incident notice on its website.
The attack occurred in late April when perpetrators gained unauthorized access to the hospital’s network. Although the Yuma Regional Medical Center (YMRC) took its systems offline briefly after detecting the incident, threat actors were still able to extract critical files from the compromised servers.
“The investigation determined that an unauthorized person gained access to our network between April 21, 2022, and April 25, 2022, and removed a subset of files from our systems,” YMRC’s announcement reads.
Data exfiltrated by the hackers held sensitive patient information, ranging from names, Social Security Numbers, and health insurance information to medical data collected from YMRC patients. No ransomware group has yet claimed responsibility for the attack on the hospital.
“We want to assure our community that we are taking this matter very seriously,” says YMRC in the incident notice. “To help prevent something like this from happening again, we strengthened the security of our systems and will continue enhancing our protocols to safeguard the information in our care.”
The hospital is mailing letters to patients affected by the data leak and offers complimentary identity theft protection and credit monitoring services to eligible parties. YMRC also left contact information for potential leak victims who don’t receive their letters by July 10.
Specialized tools like Bitdefender Digital Identity Protection can help you protect your identity against the recent outbreak of data breaches. Our dedicated privacy tool can:
- Scan for leaks of your personal data
- Notify you instantly of privacy threats and newly discovered breaches
- Map your digital footprint
- Perform 24/7 data breach monitoring for up to five email addresses
- Detect social media impersonators