Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients.

According to the recent YRMC announcement, the attack was detected on April 25, 2022, which affected some of its IT systems. YRMC said immediate action was taken to contain the attack, and systems were taken offline to prevent further unauthorized access. Law enforcement was notified, and a third-party computer forensics firm was engaged to assist with the investigation and determine the nature and scope of the attack. The investigation confirmed that the attackers gained access to its systems between April 21 and April 25, 2022, and, prior to file encryption, a subset of files were exfiltrated from its systems.

YRMC said it is working with security experts to bring its systems back online as quickly as possible. Throughout the attack, its facilities remained open and operated using established backup processes and downtime procedures, which did result in some delays to certain services; however, most scheduled services continued as scheduled.

Notification letters have recently been sent to affected individuals. YRMC said the files exfiltrated from its systems included names, Social Security numbers, health insurance information, and limited medical information. YRMC said its electronic medical record system was not accessed. The affected individuals included current and former patients in Yuma County on individuals working in Yuma County on a short-term or seasonable basis.

Steps have been taken to improve security to prevent further attacks and affected individuals have been offered complimentary credit monitoring and identity theft protection services. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid. It is unclear in this case if payment was made. No ransomware threat group appears to have claimed responsibility for the attack.