Colorado Family Practice Discovers Two Cybersecurity Incidents in One Week | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Colorado Family Practice Discovers Two Cybersecurity Incidents in One Week

January 2, 2018
by Rajiv Leventhal
| Reprints

A Colorado medical group is notifying patients of multiple cybersecurity hacks on its network within a single week.

Longs Peak Family Practice, a medical clinic in Longmont, Col., issued a privacy notice last week stating that on Nov. 5, the group discovered suspicious activity on its computer network and determined that a hacker had penetrated the network. The notice said that LPFP “immediately began investigating and took actions to attempt to  secure  the  network,  but  the  hacker  executed  malicious  code  within  the  network  before  it  could  be  stopped. The malicious code included ransomware that encrypted certain files on our computers,” the notice read.

Then, on Nov. 10, the practice discovered a second hack into the network that did not involve ransomware. LPFP officials said that the organization hired an outside firm with forensic computer expertise to assist in the investigation to identify any malware and further investigate any unauthorized access that may have occurred because of the hacking activity.

The investigation revealed that there was no specific evidence that any data  including  patients’  health  information  was  removed  or  accessed  from  the  network, but that there  was  evidence of unauthorized access to some parts of the computer system on November 5, 9 and 10, the organization reported. What’s more, there wasn’t any evidence of  any  patient  files  being  opened  on  the  LPFP computers,  but  because  some  of  the  software installed by the hackers could have been used to download computer files and some files were encrypted, the practice cannot be completely sure that health information was not compromised.

The type of information that could have been compromised includes patients’ electronic charts, which may include full name, LPFP’s patient ID number, date of birth, address, phone numbers, email address, social security number, insurance carrier, insurance payment codes with associated costs, driver’s license, dates of  service,  clinical  information  including  medical  conditions,  diagnoses,  medications,  labs  and  diagnostic  studies, and copies of notes or reports by LPFP or other healthcare providers. The information did not include credit card or bank account information or invoices for medical services. Final statements for any accounts sent to a collection agency may have been involved, according to the privacy notice.

The medical group said that because of these incidents, it is making changes in regards to how its network is accessed. The notice read, “We have upgraded our system in consultation with seasoned IT  professionals,  including  the  purchase  of  a  new  enhanced  firewall, and are further analyzing the tools and procedures we use to monitor and attempt to block malicious attempts to hack into our network. We are re-analyzing our network and our policies to attempt to further safeguard against potential threats. We are reinforcing and providing additional privacy and security training to all our workforce. We reported the hacking incidents to law enforcement for further investigation.”

2018 Denver Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

July 12 - 13, 2018 | Denver



KLAS Research: Small Hospitals’ Buying Decisions Impacting EMR Market Share

A new KLAS Research report tracks shifts in electronic medical record (EMR) vendor market share among acute care hospitals, and finds that smaller hospitals are seeking technology solutions that meet their needs and limited budgets, and these contracts are making a mark on the EMR market.

Survey: Majority of Providers Predict Success for New Generic Drug Company, Project Rx

Back in January, four health systems, in consultation with the VA, announced a collaboration to develop a new, not-for-profit generic drug company. A survey has found that 90 percent of providers say they would become customers of the new venture.

Personalized Medicine Awareness Low Among U.S. Adults, Survey Finds

Genetics and personalized medicine are not top of mind for the general public in the U.S., according to a recent survey from GenomeWeb and the Personalized Medicine Coalition.

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).