Ransomware Attack Probably Results in PHI Access at Central Colorado Dermatology

August 29, 2018


Central Colorado Dermatology (CCD) has made contact with more than 4,000 customers that some of their protected health information (PHI) has probably been acquired by cyber criminals in the course of a ransomware attack on its IT systems.

An illegal person got access to CCD’s computer network and connected ransomware on a server. Medical records and patients’ medical graphs were not seen, even though specific records and scanned fax correspondence were encrypted. A few of those files contained PHI.

An inquiry was started to decide if protected health information was obtained. It wasn’t possible to decide with a high degree of confidence whether any PHI was thieved. CCD didn’t find any evidence to indicate that PHI had been retrieved or thieved, even though some of the software that had been placed on its network might have enabled files to be downloaded.

The variety of files that might have been obtained included the following details: Names, duplicates of CCD reports, diagnostic studies, laboratory test results, treatment information, diagnoses, medical conditions, clinical information, dates of service, insurance payment codes and expenses, Insurance data, emails, birth dates, contact telephone information, addresses, Social Security numbers, and notes and information sent to CCD from other healthcare sellers by fax.

The investigation found that remote access was obtained to a single server on June 5, 2018 and ransomware was connected the same day.

Upon identifying the attack, measures were taken to protect the network and obstruct distant access and a cybersecurity company was engaged to look into the attack. After systems were protected and the malevolent software was erased, the cybersecurity company carried on to check the network for many weeks to make sure that no more efforts were made to access the system. For the duration of that time period, no additional interruptions were found and no doubtful network activity was noted.

In response to the cyberattack, CCD has altered its password prerequisites and how its network can be logged onto, new anti-virus software has been enabled, and more upgrades to system safety have been applied. That process is continuing, guided by IT safety experts. Modifications have also been made to its fax software to check that digital copies of faxes aren’t automatically saved on its network.

As illegal PHI access and thievery of files could not be removed, notification letters were delivered to all 4,065 patients whose PHI could possibly have been retrieved. All patients impacted by the break have been provided with one year of credit checking facilities.