Colorado Family Practice Discovers Two Cybersecurity Incidents in One Week

March 19, 2018
A Colorado medical group is notifying patients of multiple cybersecurity hacks on its network within a single week.

A Colorado medical group is notifying patients of multiple cybersecurity hacks on its network within a single week.

Longs Peak Family Practice, a medical clinic in Longmont, Col., issued a privacy notice last week stating that on Nov. 5, the group discovered suspicious activity on its computer network and determined that a hacker had penetrated the network. The notice said that LPFP “immediately began investigating and took actions to attempt to  secure  the  network,  but  the  hacker  executed  malicious  code  within  the  network  before  it  could  be  stopped. The malicious code included ransomware that encrypted certain files on our computers,” the notice read.

Then, on Nov. 10, the practice discovered a second hack into the network that did not involve ransomware. LPFP officials said that the organization hired an outside firm with forensic computer expertise to assist in the investigation to identify any malware and further investigate any unauthorized access that may have occurred because of the hacking activity.

The investigation revealed that there was no specific evidence that any data  including  patients’  health  information  was  removed  or  accessed  from  the  network, but that there  was  evidence of unauthorized access to some parts of the computer system on November 5, 9 and 10, the organization reported. What’s more, there wasn’t any evidence of  any  patient  files  being  opened  on  the  LPFP computers,  but  because  some  of  the  software installed by the hackers could have been used to download computer files and some files were encrypted, the practice cannot be completely sure that health information was not compromised.

The type of information that could have been compromised includes patients’ electronic charts, which may include full name, LPFP’s patient ID number, date of birth, address, phone numbers, email address, social security number, insurance carrier, insurance payment codes with associated costs, driver’s license, dates of  service,  clinical  information  including  medical  conditions,  diagnoses,  medications,  labs  and  diagnostic  studies, and copies of notes or reports by LPFP or other healthcare providers. The information did not include credit card or bank account information or invoices for medical services. Final statements for any accounts sent to a collection agency may have been involved, according to the privacy notice.

The medical group said that because of these incidents, it is making changes in regards to how its network is accessed. The notice read, “We have upgraded our system in consultation with seasoned IT  professionals,  including  the  purchase  of  a  new  enhanced  firewall, and are further analyzing the tools and procedures we use to monitor and attempt to block malicious attempts to hack into our network. We are re-analyzing our network and our policies to attempt to further safeguard against potential threats. We are reinforcing and providing additional privacy and security training to all our workforce. We reported the hacking incidents to law enforcement for further investigation.”

Sponsored Recommendations

Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

Beyond the Silos: Transforming Coordinated Care Across Healthcare Systems

Coordinated healthcare is vital to delivering a high-quality patient experience, yet it has been difficult to systematize across all healthcare settings. Although it has largely...

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...