University of New Mexico Health

University of New Mexico Health, also known as UNM Health, operates as a healthcare provider within the United States of America. Its core function involves delivering medical services to patients, though the specific range of specialties or service lines beyond general healthcare provision is not detailed in the provided source material. The organization manages sensitive patient information as part of its clinical operations, including personal identifiers and medical data necessary for treatment and administration. This role inherently places it within the critical healthcare sector, handling protected health information subject to regulations like HIPAA. The scale of its patient base is indicated by the significant number of individuals affected in a cybersecurity incident, suggesting a substantial operational footprint serving a large community.

In March 2021, UNM Health experienced a significant cybersecurity breach impacting its network infrastructure. Intruders gained unauthorized access and maintained a presence within the network for a period of two months before the intrusion was discovered retrospectively. During this compromise, attackers successfully accessed and exfiltrated sensitive data belonging to over 637,000 patients. The stolen information encompassed a wide range of personal and medical details, including names, contact information, dates of birth, medical record numbers, insurance information, and clinical data. For a subset of affected individuals, Social Security numbers were also compromised. Notably, the breach did not extend to compromising the integrity or accessibility of the organization's core electronic health record systems themselves.

Following the discovery of the breach, UNM Health undertook response actions focused on mitigating future risks. The organization implemented enhanced protective measures across its network to bolster its security posture against similar attacks. Additionally, recognizing the role of human factors in security, UNM Health reinforced cybersecurity awareness and best practices among its staff through updated training programs. This incident underscored the persistent threat landscape facing healthcare entities managing vast amounts of sensitive personal data and highlighted the critical need for robust cybersecurity defenses and continuous vigilance within the sector. The response demonstrated an effort to address vulnerabilities exposed by the attack.