MGRMC reports patient data leaked during its previous cyberattack

The hospital has advised some patient data was lost in a cyberattack in September.

Contributed Article/Courtesy MGRMC

SAFFORD – We are writing in follow-up to our previous communications regarding the ransomware attack on Mt. Graham Regional Medical Center (MGRMC). 

What happened?

On Sept. 27, 2023, Mt. Graham Regional Medical Center (MGRMC) detected and stopped a sophisticated ransomware attack that occurred on Sept. 13, 2023 

Immediately upon discovering the attack, MGRMC engaged its third-party cyber security partner and incident response team to assist with securing the network environment, minimizing damages and counteracting the assault, restoring operations, and facilitating the solid recovery of its systems. Within four hours of discovering the attack, we successfully secured the network to prevent any further access from threat actors.  

What information was involved?

Unfortunately, despite these efforts, the cybercriminal was able to access or acquire a subset of data, which included various information on some patients such as:

• Demographic information such as names, addresses, email addresses, phone/fax numbers, dates of birth, driver’s license numbers, passport numbers, gender, and SSNs.

• Treatment information such as medical record numbers, and dates of service. 

• Financial information such as billing account numbers, Medicare numbers, Medicaid numbers, insurance numbers, and credit card numbers.

We are sending individual letters to impacted patients with specific details about potentially accessed data.

What we are doing

As part of our efforts to prevent future incidents and minimize the harm to patient information, we performed a forensics security investigation, we alerted government agencies, including the FBI, and we are working with experts in the field to enhance our cyber security systems. We have engaged TransUnion to provide patients with free credit monitoring and identity theft services for a period of twelve (12) months. 

What patients can do

We recommend that patients continue to join us in remaining vigilant to protect their personal information through the following steps.

• Place a “Fraud Alert” with the three credit bureaus. To do this, contact any of the three major credit bureaus via the information below. When one credit bureau confirms the fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on the credit report for one year. It can be renewed after one year. 

Equifax (800) 685-1111, Experian (888) 397-3742, Trans Union (800) 909-8872

• Ask each credit bureau to send a free credit report after it places a fraud alert on the file. Review the credit reports for unfamiliar accounts and inquiries. These can be signs of identity theft. If personal information has been misused, visit the FTC’s site at to report the identity theft and get recovery steps. Even if there is not any suspicious activity on the initial credit reports, the FTC recommends that people check their credit reports periodically so they can spot problems and address them quickly. 

• Monitor bank and credit card statements.

• If personal information has been misused, visit the FTC’s site at to report the identity theft and get recovery steps.

For more information

We take patient privacy very seriously and sincerely apologize for and regret any concern or inconvenience this matter has caused.

If you have any questions or need additional information, contact Danny Smith, Director of Community Relations at 1-800-664-3509 during the hours of 9 a.m. to 5 p.m., Monday-Friday.