Cyber Incident Victim: Yuma Regional Medical Center

Date: Apr 2022

Location: United States of America

Summary

Yuma Regional Medical Center experienced a ransomware attack that compromised sensitive data belonging to over 700,000 individuals after unauthorized actors accessed its network over several days in April. The hospital detected the intrusion, shut down affected systems, and engaged cybersecurity experts and law enforcement, including the FBI. Although the hospital initially reported no confirmed data compromise, subsequent investigations revealed that attackers exfiltrated files containing patient names, Social Security numbers, health insurance details, and limited medical information. The organization offered credit monitoring and identity theft protection to affected individuals, though no ransomware group publicly claimed responsibility. While critical systems remained offline during remediation, patient care continued using established backup procedures.

Description

Yuma Regional Medical Center (YRMC) in Arizona experienced a ransomware attack between April 21 and April 25, 2022. The hospital's IT department first detected suspicious network activity over the weekend preceding April 24, prompting initial monitoring. At approximately 4:00 PM on April 24, YRMC identified an active intrusion attempt and immediately shut down all network-connected systems as a containment measure. This full system outage continued indefinitely while cybersecurity experts and law enforcement agencies, including the FBI, conducted forensic investigations. On April 25, YRMC publicly confirmed the ransomware incident and disclosed that an unauthorized actor had exfiltrated files during the four-day access period. The hospital maintained emergency operations using pre-established downtime procedures, which included relying on backup systems for patient scheduling and directing communications through personal cell phones rather than compromised internal networks.

Investigators determined that the attackers removed files containing sensitive personal information of over 700,000 individuals. The compromised data included full names, Social Security numbers, health insurance details, and limited medical treatment information related to YRMC patients. Despite initial statements on April 24 suggesting no data compromise, subsequent analysis confirmed the large-scale breach. YRMC began mailing breach notifications to affected individuals and offered complimentary credit monitoring and identity theft protection services to eligible recipients. No ransomware group publicly claimed responsibility for the attack. The incident occurred amid heightened cyber targeting of healthcare organizations in 2022, including contemporaneous attacks on Kaiser Foundation Health Plan of Washington and Shields Health Care Group, which collectively exposed data of over two million people. YRMC kept systems offline until forensic clearance while coordinating recovery efforts with government agencies.
