On September 29, 2023, Mount Graham Regional Medical Center (“MGRMC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after confirming a recent ransomware attack. In this notice, MGRMC explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, email addresses, phone and fax numbers, dates of birth, driver’s license numbers, passport numbers, medical information and financial information. Upon completing its investigation, MGRMC began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from Mount Graham Regional Medical Center, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Mt. Graham Regional Medical Center data breach. For more information, please see our recent piece on the topic here.

What Caused the Mt. Graham Regional Medical Center Data Breach?

The Mt. Graham Regional Medical Center data breach was only recently announced, and more information is expected in the near future. However, MGRMC’s website notice discussing the incident provides some important information on what led up to the breach. According to this source, on September 27, 2023, MGRMC learned that it had been the target of a ransomware attack beginning on approximately September 13, 2023.

In response, MGRMC shut down all unauthorized access within four hours of learning of the attack. MGRMC then engaged outside cybersecurity professionals to assist with its investigation.

The MGRMC investigation confirmed that the ransomware attackers were able to access or acquire certain data on its computer network, including files containing confidential patient information.

After learning that sensitive consumer data was accessible to an unauthorized party, Mt. Graham Regional Medical Center reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, email address, phone and fax number, date of birth, driver’s license number, passport number, medical information and financial information.

On November 15, 2023, Mt. Graham Regional Medical Center posted an update on its website outlining the attack and MGRMC’s response. In this notice, MGRMC also notes that it is in the process of sending out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Mount Graham Regional Medical Center

Mount Graham Regional Medical Center is a health care provider based in Safford, Arizona. MGRMC is the primary source of healthcare for residents of Graham and Greenlee Counties, providing a broad range of services. MGRMC also operates a cancer center, sleep center, rehabilitation facility, emergency room, and a six-bed ICU. Mt. Graham Regional Medical Center employs more than 507 people and generates approximately $52 million in annual revenue.