On June 4, 2021, San Juan Regional Medical Center (“SJRMC”) in New Mexico posted a breach notice on their web site.
The notice said that SJRMC had identified unauthorized access to their network on September 8, 2020. Their subsequent investigation revealed that the threat actor removed files from the server on September 7-8, 2020.
Following a thorough manual document review of the files that were removed, we discovered on April 6, 2021 that the impacted files contained the personal and protected health information of certain patients. The impacted information includes names, dates of birth, Social Security numbers, driver’s license numbers, passport information, financial account numbers, health insurance information, and medical information (diagnosis, treatment, medical record number, patient account number).
Read the full notification on their web site.
The center reported the incident to HHS as impacting 68,792 patients.