YRMC data breach aftermath
YUMA, Ariz. (KYMA, KECY) - It's been close to two months since Yuma Regional Medical Center (YRMC) faced a cyberattack affecting 700,000 patients.
You may have received a letter from YRMC telling you the recent cyber attack might have compromised your personal information with steps to follow if you were affected.
YRMC says the 700,000 patients include those who live in Yuma County as well as those working and visiting Yuma on a short-term or seasonal basis.
Each letter has a toll-free number available for questions and also offers free credit monitoring and identity theft protection to those eligible.
One local, Jason Brake, received one of these letters saying his children's information was compromised.
He believes the hospital should be doing more to protect those affected.
“That information’s out there," said Brake. "They can’t get his social security number back from the breach, it could have already been sold. So what happens one year from now when credit monitoring has expired?”
We're aware of at least one law firm looking for patients who received a data breach notice from YRMC, saying patients could be compensated.
Brake says he’s worried the data breach could follow his children for a long time, especially when they turn 18.
“If anything has ever been hacked, that monitoring needs to be for a lifetime," said Brake.
We reached out to YRMC to ask how many of the 700,000 patients actually received a letter and what percentage of its total patients were affected by the hack.
But the hospital told us it could not disclose any more information on this case.
Only that it's still part of an active investigation.
Blake says he spoke with his peers about the breach and they share the same questions we do.
“Since Yuma is the only hospital in this area, I am assuming with this breach, anyone that’s ever been to Yuma Regional Medical Center, their information is out there, what’s happening to it? Nobody knows,” said Brake.
The letter states the date compromised includes patient names and at least one or more of the following:
- A social security number.
- A health insurance ID number.
- Demographic info.
- And/or limited medical information related to patient care.