DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack

Posted on September 10, 2021 by Dissent

On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000 patients were impacted by a breach involving a hack of the network.

We now have more details on that incident available thanks to a public disclosure of their notification and a copy of their letter to patients, both of which are linked from their web site.

According to their notification and letter, which was first spotted by Health ITSecurity, on May 21, 2021, Desert Wells experienced a ransomware incident that impacted many of its IT systems.

Investigation into the incident found no evidence that any sensitive data was exfiltrated, but

the unauthorized individual who accessed the network corrupted the data and patient electronic health records in Desert Wells’ possession prior to May 21, 2021 are unrecoverable despite our exhaustive efforts to try to recover our patients’ sensitive information.

The practice did have backups in place, but report that the backup data was also corrupted by the unauthorized individual.

It is not clear from the notification whether the threat actor was just incompetent at encrypting files or if the corruption of files and backup was intentional to pressure the entity into paying ransom to get a copy that the threat actor may have exfiltrated without it being detected by investigators.

Desert Wells makes no mention of any ransom demand or negotiations although they do describe the incident as a ransomware attack.

This information in the involved patient electronic health records may have included patients’ names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information.

Desert Wells’ notification gives a clue as to the massive task that lies ahead:

Desert Wells will continue to expend every effort to rebuild patients’ electronic health records in a new and enhanced electronic medical record system. This includes compiling our patients’ data from other sources, including from medical specialists, previous medical providers, hospitals, pharmacies, imaging centers, and labs, among others. We will request that patients update necessary forms during this process.

When you think about the enormity of the task, it may become clearer why Wood Ranch Medical decided to close their practice in similar circumstances.

In a companion letter to patients, Dr. Daniel Hoag addresses the matter forthrightly, informs patients that they are being offered credit monitoring and identity theft restoration services should they be needed, and ends the letter with a very human note:

We recognize this is an upsetting situation and, from my family to yours, sincerely apologize for any concern this may cause. I’m sure many of you have been reading about other healthcare providers in the community, and around the country, that have been impacted by cybersecurity events. For our part, we are continuing to take steps to enhance the security of our systems and the data entrusted to us, including by implementing enhanced endpoint detection and 24/7 threat monitoring, and providing additional training and education to our staff.

We thank our loyal patients for your patience and understanding, as we continue to work day and night to bring you the high quality care and service you deserve.

This attack never showed up on any of the ransomware leak sites that DataBreaches.net checks on a frequent basis.  Nor has any data allegedly from any attack shown up for sale or free on any forum where such data normally appear.

 

Category: Health DataMalwareOf NoteU.S.

Post navigation

← New .avos2 variant: AvosLocker affiliate extorts $ 85k from victim thanks to old vulnerability in FortiGate VPN
Fujitsu confirms stolen data not connected to cyberattack on its systems →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.