Desert Wells Family Medicine Ransomware Attack Causes Permanent Loss of EHR Data

Queen Creek, AZ-based Desert Wells Family Medicine has started notifying 35,000 patients that their protected health information has been compromised in a recent ransomware attack. The attack occurred on May 21, 2021 and resulted in the encryption of data, including its electronic health record (EHR) system.

All data had been backed up prior to the attack, but in addition to encrypting files, the attacker corrupted backup files which means all data contained in its EHR system prior to May 21 cannot be recovered. The types of data in the system, which may also have been obtained by the hackers in the incident, included patient names, addresses, dates of birth, billing account numbers, Social Security numbers, medical record numbers, and treatment information.

Desert Wells said it has not found any evidence that suggests there has been any attempted or actual misuse of patient data, and the third-party computer forensics investigators found no evidence that patient data had been exfiltrated prior to file encryption, although it was not possible to rule out data theft with a high degree of certainty. Consequently, the decision was taken to offer affected patients complimentary identity theft protection and credit monitoring services.

“Upon discovering the extent of the damage, we engaged additional forensics and recovery services as part of our exhaustive efforts to do everything we could to try and recover the data. Unfortunately, these efforts to date have been unsuccessful and patient electronic records before May 21, 2021, are unrecoverable,” said Daniel Hoag, MD, a family medicine physician at Desert Wells.

Desert Wells is constructing a new EHR system and is attempting to populate patient records with data obtained from other sources, which includes hospitals, pharmacies, laboratories, and medical imaging centers; however, it is likely that some patient data have been permanently lost.

“We recognize this is an upsetting situation and, from my family to yours, sincerely apologize for any concern this may cause,” said Hoag. “I’m sure many of you have been reading about other healthcare providers in the community, and around the country, that have been impacted by cybersecurity events. For our part, we are continuing to take steps to enhance the security of our systems and the data entrusted to us, including by implementing enhanced endpoint detection and 24/7 threat monitoring, and providing additional training and education to our staff.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.