Arizona hospital says SSNs of 700,000 people leaked during April ransomware attack
Jonathan Greig June 13, 2022

Arizona hospital says SSNs of 700,000 people leaked during April ransomware attack

Arizona hospital says SSNs of 700,000 people leaked during April ransomware attack

A major hospital in Yuma, Arizona is sending breach notification letters to more than 700,000 patients after a ransomware attack in April lead to a data breach involving Social Security numbers.

In letters to victims recently made public, Yuma Regional Medical Center (YRMC) said it discovered a ransomware attack on April 25 and immediately took systems offline before contacting cybersecurity experts and law enforcement. 

“The investigation determined that an unauthorized person gained access to our network between April 21, 2022, and April 25, 2022, and removed a subset of files from our systems,” the organization said. 

“The files contained certain patient information, including names, Social Security numbers, health insurance information and limited medical information relating to care as a YRMC patient.”

The organization is offering free credit monitoring and identity theft protection services “to those who are eligible.”

No ransomware group has publicly claimed credit for the attack yet.

Ransomware attacks on healthcare organizations have continued throughout 2021 and 2022, including recent attacks on a California nonprofit in March by the Hive ransomware groups. 

FBI Director Christopher Wray said last week that an Iran-based group attacked the Boston Children’s Hospital with ransomware last June. 

Healthcare organizations also continue to face a barrage of cyberattacks involving the theft of patient and employee sensitive data. 

On Monday, Kaiser Foundation Health Plan of Washington announced that it began sending out breach notification letters to 70,000 state residents due to a cyberattack that took place April 5. 

The sensitive information of two million people was accessed during a March cyberattack on Shields Health Care Group, a Massachusetts-based healthcare organization that provides services to dozens of hospitals and other medical facilities. The company said the hackers gained access to databases that contained full names, Social Security numbers and more. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.