YRMC notifies patients of data leak
Hospital sets up call center to address questions
Yuma Regional Medical Center mailed letters to patients whose information may have been involved in a recent cybersecurity incident.
On April 25, YRMC detected a ransomware attack affecting some internal systems and took systems offline, communicated with law enforcement and started an investigation with the help of a third-party forensic firm.
The investigation determined that an unauthorized person gained access to YRMC’s network between April 21-25 and removed a subset of files from the systems during that time. Some of these files contained patient information, including names, Social Security numbers, health insurance information and limited medical information.
YRMC’s electronic medical records application was not accessed during this incident, YRMC said in a statement.
On Thursday, YRMC mailed letters to affected patients and opened a dedicated, toll-free call center to answer questions about this incident. YRMC is also offering complimentary credit monitoring and identity theft protection services to those who are eligible.
“YRMC takes the privacy and confidentiality of its patients’ information very seriously and sincerely regrets any inconvenience or concern this incident may have caused patients and their families,” YRMC stated.
To help prevent another cyberattack like this from happening again, YRMC strengthened the security of its systems and pledged to continue enhancing its protocols to safeguard the information in its care.
Patients with questions may contact the dedicated, external call center available at 855-503-3409, Monday through Friday, 6 a.m. to 3:30 p.m., Pacific Time. More information is
FROM PAGE A1
available on YRMC’s website: yumaregional.org.
SENATOR ADDRESSES CYBERATTACKS
During a ransomware attack, an individual or organization gains access to a computer network and deploys malicious software, sometimes through email, to block access to data or computers until a ransom fee is paid.
Ransomware attacks targeting medical facilities have been increasing. According to the Federal Bureau of Investigations, at least 148 healthcare organizations suffered ransomware attacks in 2021. The FBI Internet Crime Complaint Center anticipates an increase in ransomware attacks in 2022, as reported by the HIPAA Journal.
The vast majority of cyber criminals operate from outside the United States, often in nations that do not cooperate with or extradite criminals, according to John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association.
On Tuesday, Arizona Sen. Kyrsten Sinema spoke during a Senate Homeland Security and Governmental Affairs Committee hearing, urging bipartisan cooperation to strengthen America’s cybersecurity. Sinema highlighted the recent attack against YRMC and last year’s ransomware attack on the City of Kingman.
“Our bipartisan infrastructure law invests in state and local cybersecurity to combat ransomware, and I cosponsored legislation creating new cyber incident reporting requirements. We need to continue to work together to enhance our cybersecurity and hold hackers – and the countries that provide them safe harbor – accountable,” said Sinema, a member of the Senate Homeland Security and Governmental Affairs Committee.
During the hearing, Sinema asked the witnesses about the tools and factors that allow cryptocurrency to be exploited for ransomware attacks, “which have wreaked havoc on communities around the country, including in Arizona,” a Sinema press release said.
The senator used the YRMC and Kingman incidents as examples of ransomware attacks disrupting lives, breaching sensitive data and causing harm.
In March, during a Senate Banking Committee hearing with Jonathan Levin, co-founder and chief strategy officer of Chainalysis, Sinema discussed his company’s efforts to assist law enforcement and sanctions professionals in tracking down and tracing illicit activity on the blockchain, a digital ledger that keeps a public, transparent record of cryptocurrency transactions.
Sinema partnered with Wyoming Republican Sen. Cynthia Lummis to launch the bipartisan U.S. Senate Financial Innovation Caucus, which aims to highlight responsible innovation in the U.S. financial system and how financial technologies can boost America’s economic global standing and expand opportunities in Arizona and across the country.
Sinema also cosponsored the Cyber Incident Reporting Act, a version of which was signed into law in March. This law will require critical infrastructure operators to report cyberattacks and ransomware payments to the Department of Homeland Security, so that the government can help victims quickly recover and stop hackers from attacking other critical systems.