Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data breach following a ransomware attack that corrupted its medical records system, leading to a loss of a significant number of records.

According to a letter sent to patients, QCMC discovered that during the ransomware attack, the threat actor corrupted the data and QCMC’s back-ups, and despite efforts to repair and restore the data, QCMC was unable to recover that information. Therefore, no patient electronic records prior to the attack on May 21, 2021 are recoverable and QCMC has to rebuild the entire medical record system from scratch.

Following the attack, QCMC stated that it will upgrade its electronic health records (EHR), enhance endpoint detection, implement 24/7 threat monitoring, and train employees. All of these measures are important for basic cybersecurity hygiene and their implementation before an attack occurs can either help prevent one, or aid the recovery of information afterwards.

This attack emphasizes the importance of implementing tools that can help prevent or diminish the devastating effect of a cyber attack on a small organization and that investing in cybersecurity tools in advance of an attack may be a more effective use of resources.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.