YUMA, Ariz. - Data breaches have affected companies across our nation; the latest company to fall victim to hackers is Prime Care, with several clinics in Yuma.
In the early hours of April 12, Prime Care Urgent Care’s database server system was invaded by hackers. Prime Care employees reported to the executive director, Erin Knowles, that their system was down around 6 that morning.
Knowles said Prime Care's system has crashed before but this time it was different. “There was an actual message on the screen saying that we had been hacked, and they wanted us to contact them by email to pay the ransom," said Knowles. The ransom was $250,000.
Immediately, Knowles contacted the FBI and reached out to digital forensic investigator, Steven G. Burgess, who advised her not to pay the money.
Knowles told News 11, “We wanted to know how [hackers] got in because we have protection, we have firewalls, we have everything that we need to have in place, as all medical facilities should have. But we needed to understand exactly what patients were compromised if any and what it is that [hackers] got access to."
The investigation found Prime Care’s EMR system, a system that stores patients visit history, was infected with ransomware; encrypting but not compromising patients files or credit card information.
Even still, patients wonder why they were not notified right away.
One patient, Maggie, said, “I feel like it’s not fair that they did not tell us immediately or let all the people know about this."
However, Prime Care was required to first complete a thorough investigation before notifying patients, which could take up to two months.
While in the process of transitioning to a cloud-based system, Prime Care is strictly handling patient files and records on paper.
Knowles confirmed a letter was sent out to all recurring patients on June 5, regarding this data breach.
According to the U.S. Department of Human Services, 477 medical entities have reported data breaches in the last two years.