Ransomware Attack on Desert Wells Family Medicine Brings about Permanent Loss of EHR Records

Desert Wells Family Medicine located in Queen Creek, AZ has commenced informing 35,000 individuals concerning the exposure of their protected health information (PHI) in the latest ransomware attack. The attack took place on May 21, 2021 and brought about the encryption of files, such as its electronic health record (EHR) system.

All information had backup copies before the attack, however, aside from encrypting data, the attacker destroyed backup copies so that all records included in its EHR system prior to May 21 can’t be restored. The types of data in the system that the attackers could have acquired in the incident were patient names, birth dates, addresses,
Social Security numbers, billing account numbers treatment details, and medical record numbers.

Desert Wells reported it did not find any proof that indicates any actual or attempted patient information misuse, and the third-party computer forensics experts didn’t get any proof regarding the exfiltration of patient data before file encryption, though it wasn’t possible to exclude data theft with a high level of assurance. Therefore, Desert Wells made the decision to give impacted patients free identity theft protection and credit monitoring services.

Upon learning about the magnitude of the problem, Desert Wells hired some other forensics and recovery providers to try and restore the information. Sad to say, these works thus far have not succeeded and patient electronic data prior to May 21, 2021, cannot be retrieved, stated Daniel Hoag, MD, Desert Wells’ family medicine doctor.

Desert Wells is making a brand new EHR system and is seeking to fill patient files with details acquired from other sources, including hospitals, labs, pharmacies, and medical imaging centers; nonetheless, it is possible that certain patient data were completely lost.

According to Hoag, this is a disturbing situation and genuinely apologized for any issue it may bring about. A lot of healthcare companies in the local community, and all over the nation, were affected by cybersecurity incidents. So, Desert Wells is carrying on with its initiatives to strengthen its systems security and the information given them, which include using enhanced endpoint detection and 24-hour threat supervision, and giving more training and education to staff members.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone