700K YRMC Patients Impacted By Data Leak

A data leak from a Madison, Wisconsin-based health insurance company has revealed that 700K YRMC patients impacted by data leak. The information disclosed in the data leak includes names, birthdates, Social Security numbers, and health information. The affected individuals were all customers of the company’s individual health insurance plans. Also, learn the differences between data leak vs data breach for the depth of knowledge.

Yuma Regional Medical Center in Arizona informed 700,000 patients that their personal information and medical records were stolen ahead of the April ransomware attack.

On the official YRMC website, the site displayed a notice indicating that the local healthcare institution was forced to perform electronic health record Time-of-Use procedures on April 25 after the ransomware attack had occurred. The hospital had to use previously implemented backup solutions, allowing patients to continue receiving care throughout the episode without loss of quality of service.

YRMC assisted law enforcement and a wholly owned subsidiary of cybersecurity to bring the main systems back online while honoring patients’ confidentiality and privacy. The facility remained open for service during the cyberattack, but officials were unable to publicly inform the extent of the delays that cropped up since some patient services were affected.

Still, through the elimination of existing system vulnerabilities and systems security, YRMC strives to continually improve security procedures.

The subsequent investigation into the cyberattack enabled the researchers to determine the exact date and time when the attackers gained access to the network and deployed the ransomware. During the dwell time, the threat actor removed a subset of patient files from the YRMC systems.

The stolen information of 700K YRMC patients impacted by data leak included the names, Social Security numbers, insurance details, and medical histories of the patients affected. The investigation concluded that the ransomware did not influence the electronic medical record system in place.