Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data breach following a ransomware attack that corrupted its medical records system, leading to a loss of a significant number of records.

According to a letter sent to patients, QCMC discovered that during the ransomware attack, the threat actor corrupted the data and QCMC’s back-ups, and despite efforts to repair and restore the data, QCMC was unable to recover that information. Therefore, no patient electronic records prior to the attack on May 21, 2021 are recoverable and QCMC has to rebuild the entire medical record system from scratch.

Following the attack, QCMC stated that it will upgrade its electronic health records (EHR), enhance endpoint detection, implement 24/7 threat monitoring, and train employees. All of these measures are important for basic cybersecurity hygiene and their implementation before an attack occurs can either help prevent one, or aid in the recovery from the attack.

This attack emphasizes the importance of implementing tools that can help prevent or diminish the devastating effect of a cyber attack on a small organization and that investing in cybersecurity tools in advance of an attack may be a more effective use of resources.