Colorado medical group hit by 2 cyberattacks in a single week

While Longs Peak Family Practice was investigating a Nov. 5 ransomware attack, its infosec team discovered another hack into its system on Nov. 10.
By Jessica Davis
11:28 AM

Longs Peak Family Practice in Longmont, Colorado. Credit: Google Maps

Hackers hit Colorado-based Longs Peak Family Practice with ransomware on Nov. 5 and once again with a second cyberattack on Nov. 10.

The Longmont provider discovered the first “suspicious activity” on its network and determined a hacker was in the system. After launching an investigation, its team was unable to secure the network before the hacker executed ransomware on the system.

Officials said certain files were encrypted by the virus, but they were able to rebuild and restore system files from a separate, secure backup.

Then the investigation found a second hack into the network within a week, separate from the ransomware incident. Investigators promptly hired a computer forensics firm to help with the investigation and restoration, which concluded on Dec. 5.

Investigators found unauthorized access into its system on three separate occasions.

“We didn’t find evidence of any patient files being opened on the computers,” officials said in a statement. “Because some of the software installed by the hackers could have been used to download computer files and some files were encrypted, we can’t be sure health information wasn’t compromised.”

The potentially compromised files contained patient identification numbers, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, insurance information, driver’s licenses, dates of services, clinical data and copies of provider notes. No financial data was contained in the files.

Longs Peak has since changed network access privileges and upgraded its firewall. Officials said they are currently analyzing network monitoring tools and procedures to prevent future attacks. Further, the provider is reinforcing and retraining its workforce.

Both hacking incidents were reported to law enforcement. The breach has not yet been added to the U.S. Department of Health and Human Services’ Office of Civil Rights’ breach reporting tool. All impacted patients are being offered a year of free credit monitoring.
