Yet another institution has come under attack by cybercriminals, and this time, it’s hitting us right at home.
On Monday, Yuma Regional Medical Center announced it was defending itself from a cyberattack, and law enforcement agencies were currently investigating.
According to YRMC, patient information was protected and had not been exposed, which is good news, but still – it’s an uncomfortable thought.
The hospital first detected activity indicating a potential cyberattack over the weekend, and began to closely monitor the network. On Monday, additional activity was detected late in the afternoon, at which point YRMC said it immediately shut down all network systems, and activated security and business continuity procedures.
As frustrating and scary as this is for YRMC and its patients, Yuma isn’t alone in this experience.
According to the Association of American Medical Colleges (AAMC), more than 600 U.S. health care organizations and more than 18 million patient records were affected in 2020 by cyberattacks, at an estimated cost of nearly $21 billion.
We don’t know how the attack began at YRMC, but AAMC brings up a valuable point: “It can take just one employee falling for a fake email to send malicious code speeding through a network in search of additional weaknesses to exploit.”
One expert told AAMC, “Cybercriminals try every hospital, every day; every computer, multiple times a day.”
That’s a sobering thought.
Think of all the personal data potentially stored in the records of a health care facility. There is financial data, insurance information, and then one’s medical history. And think about that for a moment. Patients have frank conversations with their medical providers about their health – that’s how one gets help to begin to heal. With doctor/patient confidentiality, patients discuss just about everything in an environment built on trust.
YRMC has stated no patient information has been compromised, which is reassuring.
However, that wasn’t the case in San Diego. Scripps Health was hit by a cyberattack in 2021. More than 140,000 patients, staff and physicians may have had their personal and financial information compromised during the attack, the San Diego Union Tribune reports. The hacker was not able to access Epic, which is Scripps’ main electronic health care records repository. But the hacker was able to access information outside of Epic, which included “addresses, dates of birth, health insurance information, medical record numbers, patient account numbers and clinical information such as physicians’ names, dates of service and/or treatment,” the Tribune reported.
Yikes.
As we’ve seen time and again, technology is a double-edged sword. It can save so much time and effort for hospital staff, making information readily available and helping to streamline data, but at the same time, that technology is not without risks, as we’ve seen over and over again.
The YRMC staff members are turning to paper to keep records of patient visits, using handwritten charts, paper prescriptions, etc. to continue patient care as they work to sort out the hacker situation.
It will take time to see the full impact of the YRMC cyberattack. Hopefully, the damage is kept to a minimum.
In the meantime readers, if you have YRMC appointments coming up, please be patient with your YRMC care providers – it’s going to be a challenging road for them until IT experts can bring their systems safely back online.