Colorado medical group hit by two cyberattacks in a single week

While Longs Peak Family Practice was investigating a Nov. 5 ransomware attack, its infosec team discovered another hack into its system on Nov. 10.

Jessica Davis, Associate Editor

Longs Peak Family Practice in Longmont, Colorado. Credit: Google Maps

Hackers hit Colorado-based Longs Peak Family Practice with ransomware on November 5 and again with a second cyberattack on November 10.

The Longmont provider discovered the first "suspicious activity" on its network and determined a hacker was in the system. After launching an investigation, its team was unable to secure the network before the hacker executed malicious ransomware code on the system.

Officials said certain files were encrypted by the virus, but they were able to rebuild and restore system files from a separate, secure backup.

Then the investigation found a second hack into the network within a week -- separate from the ransomware incident. Investigators promptly hired a forensic computer firm to help with the investigation and restoration, which concluded on Dec. 5.

Investigators found unauthorized access to its system on three separate occasions.

"We didn't find evidence of any patient files being opened on the computers," officials said in a statement. "Because some of the software installed by the hackers could have been used to download computer files and some files were encrypted, we can't be sure health information wasn't compromised."

The potentially compromised files contained patient identification numbers, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, insurance information, driver's licenses, dates of services, clinical data and copies of provider notes. No financial data was contained in the files.

Longs Peak has since changed network access privileges and upgraded its firewall. Officials said they are currently analyzing network monitoring tools and procedures to prevent future attacks. Further, the provider is reinforcing and retraining its workforce.

Both hacking incidents were reported to law enforcement. The breach has not yet been added to the U.S. Department of Health and Human Services' Office of Civil Rights' breach reporting tool. All impacted patients are being offered a year of free credit monitoring.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com
