Poor Security At Yuma Regional Medical Center Places Seven Hundred Thousand At Permanent Risk Of Identity Theft Featured
Yuma Regional Medical Center (YRMC), an Arizona based healthcare provider, faces a class action over an April 2022 data breach that compromised the personal and health information of 737,448 current and former patients.
Failure To Follow Industry Security Guidelines Allowed Hackers To Gain Access To Data
The lawsuit alleges that YRMC failed to meet data security standards set by the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal statutes. As a result cyber criminals were able to infiltrate its system between April 21 and 25, 2022.
Information obtained by cyber criminals include current and former patients’ names, Social Security numbers, health insurance information, demographic details and medical information. Those whose information was compromised now face a significant risk of identity theft, fraud and misuse of their sensitive data.
YRMC Were Aware That Criminals Target Personal Identifying Information
According to the lawsuit, YRMC should have known its patients PII/PHI was a target for malicious actors – especially in light of numerous recent data breaches across the country targeting such information within its industry. Despite this knowledge, YRMC failed to implement and maintain the prescribed standard of protection.
YRMC Publicly Acknowledged Data Breach On June 9 2022 And Announces Strengthened Security
Yuma Regional Medical Center began notifying victims of the data breach by way of a mailed notice dated June 9, 2022. The notice requests that patients who believe they might be affected but have not received a letter by July 10, 2022 to contact them.
To avoid a future data breach, YRMC belatedly announced it would strengthen its data security but fell short of saying it would comply with industry standards.
YRMC also announced it will offer free credit monitoring to affected individuals, but did not elaborate on how long it would provide this service. This is particularly concerning given stolen PII/PHI often lays dormant for a period after the theft only to emerge in later years.