Longs Peak Family Practice, PC (“LPFP”) is notifying patients following a ransomware and hacking incident that were first detected on November 5. From their notification:
LPFP immediately began investigating and took actions to attempt to secure the network, but the hacker executed malicious code within the network before it could be stopped. The malicious code included ransomware that encrypted certain files on our computers. We had a separate secure backup of our patients’ files from which to rebuild and restore our network. On November 10, after discovering a second hack into the network that did not involve ransomware, LPFP immediately hired a leading firm with forensic computer expertise to assist in the investigation to identify any malware and further investigate any unauthorized access that may have occurred because of the hacking activity. LPFP’s forensic investigation concluded on December 5. Although there was no specific evidence that any data including our patients’ health information was removed or accessed from our network, there was evidence of unauthorized access to some parts of our computer system on November 5, 9 and 10. We did not find evidence of any patient files being opened on the LPFP computers, but because some of the software installed by the hackers could have been used to download computer files and some files were encrypted, we cannot be sure that health information was not compromised.
You can read their full press release on their web site.