Arizona Medical Practice Permanently Loses EHR Data

A medical practice in Arizona has lost nearly all the data entered into its electronic health record (EHR) system due to a cyber-attack. 

Desert Wells Family Medicine, which has been serving patients in Queens Creek for 20 years, was attacked by cyber-criminals on May 21. The practice had backed up all its EHR data before the attack took place, but the attackers managed to encrypt both the original files and the backup files using ransomware.

The practice has begun notifying 35,000 patients that their protected health information has been compromised. Information that attackers may have accessed during the security incident included patient names, dates of birth, addresses and billing account numbers. Personal information also included medical record numbers, treatment information and Social Security numbers. 

Desert Wells said it had done everything that it could to retrieve the encrypted data, including engaging external specialists, but their efforts had proved fruitless.

All EHR information added into Desert Wells’ system prior to the attack has been lost forever, and the practice is currently constructing an entirely new EHR system.  

“Upon discovering the extent of the damage, we engaged additional forensics and recovery services as part of our exhaustive efforts to do everything we could to try and recover the data,” said Daniel Hoag, MD, a family medicine physician at Desert Wells. 

“Unfortunately, these efforts to date have been unsuccessful and patient electronic records before May 21, 2021, are unrecoverable.”

The practice said they found no evidence to suggest any of the compromised patient data was misused. In addition, third-party computer forensics experts hired to investigate the incident found no evidence that any patient data had been exfiltrated from Desert Wells before the files were encrypted. 

“We recognize this is an upsetting situation and, from my family to yours, sincerely apologize for any concern this may cause,” said Hoag. “I’m sure many of you have been reading about other healthcare providers in the community, and around the country, that have been impacted by cybersecurity events.”

Hoag added that Desert Wells is continuing to take steps to enhance the security of its systems, including improving its endpoint detection, implementing 24/7 threat monitoring, and providing additional training and education to staff.

What’s Hot on Infosecurity Magazine?