◆ A ransomware attack at Yuma Regional Medical Center in Yuma, Arizona, compromised the protected health information of more than 737,000 patients, the medical center said. The attack was detected on April 25, and the investigation determined that an unauthorized person gained access to the hospital’s network between April 21 and April 25, and removed files from the hospital’s systems. The medical center said that some of those files contained patient information, including names, Social Security numbers, health insurance information, and limited medical information. “Our facilities remain open, and we continue to provide care for our patients using established back-up processes and other downtime procedures,” the hospital said in a statement about the ransomware attack.^[1] “Nevertheless, we understand there are certain delays in our services, and we recognize this is an inconvenience. At this time, most appointments continue to take place as scheduled.” The organization has mailed breach notifications to affected patients and set up a dedicated toll-free call center to answer questions about the incident.

◆ Approximately 600 patients’ personal medical records were compromised in a breach at the Santa Barbara County Department of Wellness when a staff member “used their credentials to log into the electronic medical record system and viewed client information,” a department spokesperson said.^[2] “This breach was discovered as a result of the department proactively implementing a new security measure, which immediately worked to call attention to this breach and will continue to serve this function going forward.” The breach occurred on March 30. Names, addresses, email addresses, phone numbers, Social Security numbers, insurance information, medical record numbers and some medical information were compromised. An audit showed that no information was downloaded or printed. The department said it had terminated access to client records for the employee responsible but did not say if that person was fired.