Mt. Graham Regional Medical Center Public Notice
We are writing in follow-up to our previous communications regarding the ransomware attack on Mt. Graham Regional Medical Center (MGRMC).
On September 27, 2023, Mt. Graham Regional Medical Center (MGRMC) detected and stopped a sophisticated ransomware attack that occurred on September 13, 2023. Immediately upon discovering the attack, MGRMC engaged its 3rd party cyber security partner and incident response team to assist with securing the network environment, minimizing damages and counteracting the assault, restoring operations, and facilitating the solid recovery of its systems. Within four hours of discovering the attack, we successfully secured the network to prevent any further access from threat actors.
What Information was Involved:
Unfortunately, despite these efforts, the cybercriminal was able to access or acquire a subset of data, which included for some patients:
- Demographic information such as names, addresses, email addresses, phone/fax numbers, dates of birth, driver’s license numbers, passport numbers, gender, and SSNs,
- Treatment information such as medical record numbers and data, dates of service, and
- Financial information such as billing account numbers, Medicare numbers, Medicaid numbers, insurance numbers, and credit card numbers.
We are sending individual letters to impacted patients with specific details about potentially accessed data.
What We Are Doing:
As part of our efforts to prevent future incidents and minimize the harm to patient information, we performed a forensics security investigation, we alerted government agencies, including the FBI, and we are working with experts in the field to enhance our cyber security systems. We have engaged TransUnion to provide patients with free credit monitoring and identity theft services for a period of twelve (12) months.
What Patients Can Do:
We recommend that patients continue to join us in remaining vigilant to protect their personal information through the following steps.
- Place a “Fraud Alert” with the three credit bureaus. To do this, contact any of the three major credit bureaus via the information below. When one credit bureau confirms the fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on the credit report for one year. It can be renewed after one year.
  Equifax: equifax.com/personal/credit-report-services, (800) 685-1111
  Experian: experian.com/help, (888) 397-3742
  TransUnion: transunion.com/credit-help, (800) 909-8872
- Ask each credit bureau to send a free credit report after it places a fraud alert on the file. Review the credit reports for unfamiliar accounts and inquiries. These can be signs of identity theft. If personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and get recovery steps. Even if there is not any suspicious activity on the initial credit reports, the FTC recommends that people check their credit reports periodically so they can spot problems and address them quickly.
- Monitor bank and credit card statements.
- If personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and get recovery steps.
For more information:
We take patient privacy very seriously and sincerely apologize for and regret any concern or inconvenience this matter has caused.
If you have any questions or need additional information, please contact Danny Smith, Director of Community Relations at 1-800-664-3509 during the hours of 9:00 a.m. to 5:00 p.m., Monday-Friday.
MGRMC has made great progress restoring our computer information systems from our recent ransomware attack. Internal access to our systems and data has been restored. Patients can now access their information through our online patient portal. We are pleased to report that despite the challenges, we have been able to meet all employee payroll and accounts payable commitments.
As an essential critical access hospital, MGRMC has a strong Incident Command structure. Following our processes, we implemented our downtime procedures, which proved essential and effective, and deployed our incident command team and our recovery team. Throughout the cyber-attack we experienced, patient care has remained our focus. Through immense work and dedication, our staff have remediated most issues as we continue to restore our systems.
As previously reported, we have engaged an experienced firm to review impacted systems. Initial reviews have determined that the patient medical record system was not breached and we are finalizing our review of all systems to determine if any patient information was compromised. As we continue our investigation, we will communicate directly with any impacted individuals.
We are community-owned and governed. We are proud of the 50-year relationship we have with the community and our focus throughout this challenge has been delivering exceptional care. The speed at which we have been able to recover is a credit to our dedicated staff going above and beyond with many long days and nights.
Update 10/4/23 – MGRMC’s cyber security investigation and remediation of our system outage is ongoing. Over the weekend and today, we are making significant progress in bringing systems back to operation and accessing information. Since September 27th, MGRMC has taken proactive measures to address the situation. Downtime procedures have been implemented, and further solutions are completed hourly toward full systems restoration.
The disruption, although inconvenient, has had limited impact on patient experience. As a practice, MGRMC has prioritized redundancy and patient information safety in providing excellent care. If we determine that patient information was compromised, we will communicate directly with impacted patients. If you are or have been a patient of MGRMC, we recommend you monitor your account statements, stay vigilant about your personal data, and contact law enforcement if you feel your information may be compromised.
If you have any questions, please call our community relations team at 928-348-3777. Information and updates may be found at www.mtgraham.org/update.
Update 9/28/23 – MGRMC is investigating a cybersecurity incident that is affecting its communication and information systems. We are working closely with law enforcement and outside experts to assess the scope and impact of the incident, including whether any patient information was compromised. If we determine that patient information was compromised, we will communicate directly with impacted patients. If you are or have been a patient of MGRMC, we recommend you monitor your account statements, stay vigilant about your personal data, and if you feel your information may be compromised, contact law enforcement.