A ransomware attack on the University Medical Center Southern Nevada has compromised the data of 1.3 million patients, although hospital officials say electronic health records were not compromised.

From HealthcareITNews:

The organization said in a statement that the incident only lasted a day, but the bad actors were able to compromise some files on network servers.

“Out of an abundance of caution, UMC will directly notify every person potentially affected by the June cyberattack and provide them with complimentary access to identity protection services,” said UMC in a statement in late July.


Analysts pointed to REvil, a Russia-linked ransomware group, as the culprit.

The group has reportedly extorted upwards of $12 million from victims in 2021. But in mid-July, just after the UMC incident, it appeared to vanish from the Internet.

UMC says it has no evidence to date that cybercriminals accessed any clinical systems, including those connected to its electronic health records.

However, the compromised files did contain protected health information and personally identifiable information, potentially including:

  • Demographic information (name, address, date of birth and Social Security Number)
  • Clinical information (history, diagnosis and test results)
  • Financial information (insurance number)

Just after the attack, REvil posted images of driver’s licenses, passports and Social Security cards of around half a dozen alleged victims on its website, according to local outlets.