Cyber Incident Victim: Prothena

Date: Dec 2021

Location: United States of America

Summary

A ransomware attack compromised a medical center, leading to the theft of personal and health data belonging to 700,000 patients. Threat actors initially accessed the network four days prior to deploying ransomware, exfiltrating sensitive information including names, Social Security numbers, health insurance details, and medical records. The incident forced the organization into electronic health record downtime procedures, causing service delays and appointment cancellations, though patient care continued using backup systems. Facilities remained operational during the attack, and systems were restored following collaboration with law enforcement and cybersecurity experts. While the electronic medical records application remained unaffected, the organization implemented enhanced security measures post-incident.

Description

The incident involving Yuma Regional Medical Center (YRMC) began on April 21, 2021, when threat actors initially infiltrated the hospital's network. Attackers maintained undetected access for four days before deploying ransomware on April 25, which disrupted critical healthcare systems and forced the organization into electronic health record downtime procedures. YRMC activated backup processes to sustain clinical operations while cybersecurity personnel worked to contain the attack. Medical facilities remained operational throughout the incident, though the hospital experienced service delays and appointment cancellations due to IT system unavailability.

YRMC engaged law enforcement and third-party cybersecurity experts to investigate the breach and restore systems. Forensic analysis confirmed attackers exfiltrated sensitive data from a subset of files during the four-day dwell period prior to ransomware deployment. Compromised information included 700,000 patients' names, Social Security numbers, health insurance details, and medical care records. The electronic medical record application itself was not compromised by the ransomware. YRMC completed system restoration and implemented enhanced security measures following the attack, while continuing to refine its information protection protocols. Patient notifications were issued after the investigation confirmed the scope of data theft.
