Colorado Family Practice Discovers Two Cybersecurity Incidents in One Week

March 19, 2018
A Colorado medical group is notifying patients of multiple cybersecurity hacks on its network within a single week.

A Colorado medical group is notifying patients of multiple cybersecurity hacks on its network within a single week.

Longs Peak Family Practice, a medical clinic in Longmont, Col., issued a privacy notice last week stating that on Nov. 5, the group discovered suspicious activity on its computer network and determined that a hacker had penetrated the network. The notice said that LPFP “immediately began investigating and took actions to attempt to  secure  the  network,  but  the  hacker  executed  malicious  code  within  the  network  before  it  could  be  stopped. The malicious code included ransomware that encrypted certain files on our computers,” the notice read.

Then, on Nov. 10, the practice discovered a second hack into the network that did not involve ransomware. LPFP officials said that the organization hired an outside firm with forensic computer expertise to assist in the investigation to identify any malware and further investigate any unauthorized access that may have occurred because of the hacking activity.

The investigation revealed that there was no specific evidence that any data  including  patients’  health  information  was  removed  or  accessed  from  the  network, but that there  was  evidence of unauthorized access to some parts of the computer system on November 5, 9 and 10, the organization reported. What’s more, there wasn’t any evidence of  any  patient  files  being  opened  on  the  LPFP computers,  but  because  some  of  the  software installed by the hackers could have been used to download computer files and some files were encrypted, the practice cannot be completely sure that health information was not compromised.

The type of information that could have been compromised includes patients’ electronic charts, which may include full name, LPFP’s patient ID number, date of birth, address, phone numbers, email address, social security number, insurance carrier, insurance payment codes with associated costs, driver’s license, dates of  service,  clinical  information  including  medical  conditions,  diagnoses,  medications,  labs  and  diagnostic  studies, and copies of notes or reports by LPFP or other healthcare providers. The information did not include credit card or bank account information or invoices for medical services. Final statements for any accounts sent to a collection agency may have been involved, according to the privacy notice.

The medical group said that because of these incidents, it is making changes in regards to how its network is accessed. The notice read, “We have upgraded our system in consultation with seasoned IT  professionals,  including  the  purchase  of  a  new  enhanced  firewall, and are further analyzing the tools and procedures we use to monitor and attempt to block malicious attempts to hack into our network. We are re-analyzing our network and our policies to attempt to further safeguard against potential threats. We are reinforcing and providing additional privacy and security training to all our workforce. We reported the hacking incidents to law enforcement for further investigation.”

Sponsored Recommendations

Healthcare Rankings Report

Adapting in Healthcare: Key Insights and Strategies from Leading Systems As healthcare marketers navigate changes in a volatile industry, they know one thing is certain: we've...

Healthcare Reputation Industry Trends

Navigating the Tipping Point: Strategies for Reputation Management in a Volatile Healthcare Environment As healthcare marketers navigate changes in a volatile industry, they can...

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...

From Chaos to Clarity: How AI Is Making Sense of Clinical Documentation

From Chaos to Clarity dives deep into how AI Is making sense of disorganized patient data and turning it into evidence-based diagnosis suggestions that physicians can trust, leading...