A ransomware attack in April against a major hospital in Yuma, Ariz., led to a data breach involving the Social Security Numbers (SSNs) of more than 700,000 patients. The hospital sent breach notification letters to people at risk from this attack and posted a security incident notice on its website.
The attack occurred in late April when threat actors gained unauthorized access to the hospital’s network. While the Yuma Regional Medical Center (YMRC) brought its systems online briefly after detecting the attack, the hackers were still able to steal important files from the compromised servers.
“The investigation determined that an unauthorized person gained access to our network between April 21, 2022, and April 25, 2022, and removed a subset of files from our systems,” read the announcement from YMRC.
Data stolen by the threat actors contained sensitive information, ranging from names, Social Security numbers, and health insurance information to medical data collected from YMRC patients. No ransomware group has claimed responsibility for the attack on the hospital at the moment.
“We want to assure our community that we are taking this matter very seriously,” said YMRC in the incident notice. “To help prevent something like this from happening again, we strengthened the security of our systems and will continue enhancing our protocols to safeguard the information in our care.”
The hospital mailed letters to patients impacted by the data breach and offered complimentary identity theft protection and credit monitoring services to eligible parties. Additionally, YMRC left contact information for possible leak victims if they don’t receive their letters by July 10.