700K patients involved in Arizona hospital cybersecurity incident

A ransomware attack at Yuma Regional Medical Center in April potentially involved 700,000 patients.

The attack took place between April 21 and April 25 and affected the southwestern Arizona hospital's internal systems, the hospital said Friday. In response, the hospital said it took its systems offline and launched an investigation into the incident.

There have been at least 270 data breaches within healthcare this year, according to the U.S. Department of Health and Human Services Office for Civil Rights breach portal. The single large breach occurred in May, which involved 2 million Shields Health Care Group patients.

Yuma Regional Medical Center reported this cybersecurity incident to HHS, a hospital spokesperson said. Hospitals covered by the Health Insurance Portability and Accountability Act have 60 days from when they detect a breach to notify the HHS.

The not-for-profit hospital mailed letters Thursday to patients whose data may have been compromised. That data may have included patient names, Social Security numbers, health insurance information and limited medical information. The hospital said its electronic medical records application was not compromised.

The hospital is providing a toll-free call center to patients seeking more information as well as free credit monitoring and identity theft protection services for those impacted.

The spokesperson declined to answer questions regarding which locations were affected in the breach, whether the leaked information was used for fraud or whether the hospital plans for system downtime.