Colorado hospital loses access to 5+ years of patient medical records in ransomware attack

Rangely (Colo.) District Hospital on June 8 began notifying patients of an April 9 ransomware attack on its computer systems that resulted in the loss of access to several years of patients' medical records.

The hospital did not pay the ransom and is working to restore access to files in its previous Meditech EHR database, which it stopped using in August 2017, according to the privacy incident statement. While the medical records in the Meditech database were not affected, Rangely District Hospital's proprietary software used to access the medical records was infected by the ransomware. As a result, the hospital lost access to medical records entered in the database between August 2012 and August 2017. The attack also affected access to medical records of patients who received home health services between June 2019 and April 2020.

The medical records that were encrypted by the ransomware may include information such as names, Social Security numbers, addresses, health insurance and billing information, and diagnoses and conditions. No credit card, debit card or bank information was involved, and none of the files were viewed or exported from the hospital's systems.

Rangely District Hospital is providing free identity theft protection services for individuals affected by the incident for one year. The hospital has also increased security measures, including changing how its network can be accessed remotely, and is researching data backup options.

