Yuma Regional Medical Center Experiences Ransomware Attack

June 16, 2022 - Yuma Regional Medical Center (YRMC) suffered a ransomware attack in late April that exposed the Social Security numbers and other personal information of thousands of individuals. In a notice posted on YRMC’s website shortly after incident, the medical center said that its facilities remained open and staff was using established downtime procedures and backup processes.

Multiple local reports say that the incident impacted 700,000 individuals, but the breach tally has not yet been posted on the Office for Civil Rights (OCR) data breach portal.

Arizona-based YRMC discovered ransomware on some of its external systems on April 25, 2022. Further investigation revealed that an unauthorized individual maintained access to YRMC’s systems from April 21 to April 25 and removed a subset of files from the systems.

Those files contained patient names, Social Security numbers, limited medical information, and health insurance information. The breach did not impact YRMC’s EMR system.

“We want to assure our community that we are taking this matter very seriously,” YRMC said.

“To help prevent something like this from happening again, we strengthened the security of our systems and will continue enhancing our protocols to safeguard the information in our care.”

Central Florida Inpatient Medicine Suffers Data Security Incident Impacting 197K

Central Florida Inpatient Medicine (CFIM) disclosed a data security incident that impacted 197,733 individuals. According to a notice on the practice’s website, CFIM determined on May 5, 2022 that an unauthorized actor had accessed an employee email account between August 21, 2021 and September 17.

The email account included names, medical information, Social Security numbers, financial account information, usernames and passwords, physician names, dates of service, and health insurance information.

“Since the date of this incident, CFIM has taken measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards on its email system, implementing multifactor authentication, and providing additional training to employees to increase awareness of the risks of malicious emails,” the notice stated.

CFIM offered credit monitoring to patients whose Social Security numbers were involved in the incident.

MA Ambulance Billing Service Faces Unauthorized Access, 69K Impacted

Nearly 69,000 individuals were impacted by a data security incident at Comstar, a Massachusetts-based ambulance billing service. The company provides ambulance billing, collection, consulting, and other services to municipal and nonprofit ambulance services.

A notice posted on Comstar’s website said that the company discovered suspicious activity related to certain servers on March 26. By April 21, Comstar learned that certain systems were subject to unauthorized access.

The impacted systems included names, medical assessments, health insurance information, driver’s license numbers, Social Security numbers, dates of birth, and financial account information. Comstar was unable to confirm the specific information that was accessed from those systems.

“The security of information in Comstar’s care is one of our highest priorities and we have strict security measures in place to protect information in our care,” the notice stated.

“Upon becoming aware of this incident, we immediately took steps to confirm the security of our systems. While we had policies and procedures in place at the time of incident regarding security of information, we are reviewing those policies and procedures to further protect against similar incidents moving forward.”