DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack

Posted on September 10, 2021 by Dissent

On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000 patients were impacted by a breach involving a hack of the network.

We now have more details on that incident available thanks to a public disclosure of their notification and a copy of their letter to patients, both of which are linked from their web site.

According to their notification and letter, which was first spotted by Health ITSecurity, on May 21, 2021, Desert Wells experienced a ransomware incident that impacted many of its IT systems.

Investigation into the incident found no evidence that any sensitive data was exfiltrated, but

the unauthorized individual who accessed the network corrupted the data and patient electronic health records in Desert Wells’ possession prior to May 21, 2021 are unrecoverable despite our exhaustive efforts to try to recover our patients’ sensitive information.

The practice did have backups in place, but report that the backup data was also corrupted by the unauthorized individual.

It is not clear from the notification whether the threat actor was just incompetent at encrypting files or if the corruption of files and backup was intentional to pressure the entity into paying ransom to get a copy that the threat actor may have exfiltrated without it being detected by investigators.

Desert Wells makes no mention of any ransom demand or negotiations although they do describe the incident as a ransomware attack.

This information in the involved patient electronic health records may have included patients’ names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information.

Desert Wells’ notification gives a clue as to the massive task that lies ahead:

Desert Wells will continue to expend every effort to rebuild patients’ electronic health records in a new and enhanced electronic medical record system. This includes compiling our patients’ data from other sources, including from medical specialists, previous medical providers, hospitals, pharmacies, imaging centers, and labs, among others. We will request that patients update necessary forms during this process.

When you think about the enormity of the task, it may become clearer why Wood Ranch Medical decided to close their practice in similar circumstances.

In a companion letter to patients, Dr. Daniel Hoag addresses the matter forthrightly, informs patients that they are being offered credit monitoring and identity theft restoration services should they be needed, and ends the letter with a very human note:

We recognize this is an upsetting situation and, from my family to yours, sincerely apologize for any concern this may cause. I’m sure many of you have been reading about other healthcare providers in the community, and around the country, that have been impacted by cybersecurity events. For our part, we are continuing to take steps to enhance the security of our systems and the data entrusted to us, including by implementing enhanced endpoint detection and 24/7 threat monitoring, and providing additional training and education to our staff.

We thank our loyal patients for your patience and understanding, as we continue to work day and night to bring you the high quality care and service you deserve.

This attack never showed up on any of the ransomware leak sites that DataBreaches.net checks on a frequent basis.  Nor has any data allegedly from any attack shown up for sale or free on any forum where such data normally appear.

 

Category: Health DataMalwareOf NoteU.S.

Post navigation

← New .avos2 variant: AvosLocker affiliate extorts $ 85k from victim thanks to old vulnerability in FortiGate VPN
Fujitsu confirms stolen data not connected to cyberattack on its systems →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.