Healthcare-related businesses are frequent targets of cyberattacks because they store so much information that is valuable to identity thieves. In this case, the complaint alleges that Yuma Regional Medical Center (YRMC) did not take reasonable care in safeguarding its patients’ sensitive private information, leading to its exposure in a cyberattack in April 2022.
A class and a subclass have been defined for this action:
- The Nationwide Class is all persons whose private information was compromised as a result of the data breach discovered around April 2022 and who were sent notice of the data breach.
- The Arizona Subclass is all persons living in Arizona whose private information was compromised as a result of the data breach discovered around April 2022 and who were sent notice of the data breach.
The complaint quotes the Notice of Data Breach posted at YRMC’s website as saying, “On April 25, 2022, we identified a ransomware incident affecting some internal systems. … The investigation determined that an unauthorized person gained access to our network between April 21, 2022 and April 25, 2022, and removed a subset of files from our systems.”
The information stolen included names, Social Security numbers, health insurance information, and “limited medical information relating to care as a YRMC patient.” More than 737,000 patients who had received services from YRMC were affected.
One of the two plaintiffs in this case, Carol Ashby, appears to have experienced problems with the YRMC system during the time of the cyberattack or even possibly earlier: “After scheduling a doctor’s appointment on the week of April 18, 2022, Ms. Ashby arrived at a Yuma Regional facility to find out that her appointment had been cancelled, that she no longer had use of the hospital’s patient portal, and that the medical staff had no record of her appointment. Hospital staff mentioned that the institution’s systems were affected and that they likely would not be able to reschedule her appointment until a later date.”
However, according to the complaint, YRMC did not announce the ransomware attack and data breach until June 2022. Even then, the complaint alleges that the notice provided was “woefully deficient” and did not provide details of how the cybercriminals had accessed the system, whether the information had been encrypted, and so on. Also, the complaint claims YRMC offered the individual victims only a year of credit monitoring.
The complaint charges that YRMC did not take adequate measures to ensure that patient private information was protected. The complaint alleges that YRMC’s “failure to provide adequate security measures to safeguard patients’ Private Information is especially egregious because [YRMC] operates in a field which has recently been a frequent target of scammers attempting to fraudulently gain access to patients’ highly confidential Private Information.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Yuma Regional Medical Center Data Breach Complaint
July 21, 2022
Healthcare-related businesses are frequent targets of cyberattacks because they store so much information that is valuable to identity thieves. In this case, the complaint alleges that Yuma Regional Medical Center (YRMC) did not take reasonable care in safeguarding its patients’ sensitive private information, leading to its exposure in a cyberattack in April 2022.
Yuma Regional Medical Center Data Breach ComplaintCase Event History
Yuma Regional Medical Center Data Breach Complaint
July 21, 2022
Healthcare-related businesses are frequent targets of cyberattacks because they store so much information that is valuable to identity thieves. In this case, the complaint alleges that Yuma Regional Medical Center (YRMC) did not take reasonable care in safeguarding its patients’ sensitive private information, leading to its exposure in a cyberattack in April 2022.
Yuma Regional Medical Center Data Breach Complaint