Ransomware Attack on Desert Wells Family Medicine Results in Permanent Loss of EHR Information

Desert Wells Family Medicine based in Queen Creek, AZ has begun sending notifications to 35,000 patients regarding the compromise of their protected health information (PHI) in a recent ransomware attack. The attack happened on May 21, 2021 and caused the encryption of information, which includes its electronic health record (EHR) system.

All information was backed up before the ransomware attack, but besides encrypting records, the attacker corrupted backup files and so all records contained in its EHR system prior to May 21 cannot be retrieved. The types of data in the system, which the hackers might have obtained in the incident included patient names, dates of birth, addresses,
billing account numbers, Social Security numbers, treatment data, and medical record numbers.

Desert Wells stated it did not find any information that suggests any attempted or actual patient information misuse, and the third-party computer forensics specialists did not get any evidence concerning the exfiltration of patient data before file encryption, although it was not possible to eliminate data theft with a high degree of confidence. As a result, Desert Wells decided to provide affected patients complimentary identity theft protection and credit monitoring services.

Upon finding out about the degree of the damage, Desert Wells engaged more forensics and recovery services to try and retrieve the information. Sadly, these initiatives up to now have been unsuccessful and patient electronic information prior to May 21, 2021, cannot be recovered, reported Daniel Hoag, MD, Desert Wells’ family medicine physician.

Desert Wells is building a new EHR system and is trying to populate patient records with information taken from other sources, such as hospitals, laboratories, pharmacies, and medical imaging centers; nevertheless, it is probable that a number of patient data have been forever lost.

According to Hoag, this is a distressing situation and seriously apologized for any problem it may result in. Many healthcare providers in the community, and around the country, were impacted by cybersecurity activities. So, Desert Wells is moving forward with its efforts to improve the security of its system and the information entrusted to them, such as employing enhanced endpoint detection and round-the-clock threat monitoring, and providing extra training and education to employees.