Cyber Incident Victim: Desert Wells Family Medicine
Date: May 2021
Location: United States of America
Summary
Desert Wells Family Medicine experienced a ransomware attack that compromised sensitive patient data, including names, addresses, Social Security numbers, dates of birth, driver's license details, and medical treatment information. The incident affected approximately 35,000 individuals, with attackers corrupting records prior to detection; the organization responded by engaging an incident response team and offering complimentary credit monitoring and identity theft protection services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Desert Wells Family Medicine, an Arizona-based healthcare organization, discovered a ransomware attack on May 21, 2021, prompting immediate engagement of an incident response team. The attackers had corrupted patient records and organizational data prior to the discovery date. An investigation confirmed unauthorized access to sensitive information affecting 35,000 patients. Exposed data included full names combined with physical addresses, Social Security numbers, dates of birth, driver's license numbers, and details regarding medical treatments and diagnoses. The organization did not publicly identify the ransomware group responsible or specify the exact duration of unauthorized system access prior to detection. No ransom payment details or communication with threat actors were disclosed in breach notifications.

In response, Desert Wells Family Medicine initiated breach notification letters to affected individuals, offering complimentary credit monitoring and identity theft protection services. The organization advised patients to review financial statements, credit reports, and insurance explanations of benefits for suspicious activity. No specific technical containment measures or system restoration timelines were publicly outlined. The incident occurred amid heightened ransomware targeting of healthcare providers during the COVID-19 pandemic, with parallel attacks noted against other organizations like California-based LifeLong Medical Care. Security experts cited the event as reinforcing concerns about third-party vendor risks and ransomware operators increasingly exfiltrating sensitive health data beyond merely encrypting systems. Federal advisories from the FBI had previously warned healthcare entities about ransomware groups like Hive actively corrupting backup data to impede recovery efforts.
