Colorado hospital loses access to 5+ years of patient medical records in ransomware attack 

Rangely (Colo.) District Hospital on June 8 began notifying patients of a ransomware attack on its computer systems April 9 that resulted in the loss of access to several years of patients' medical records. 

The hospital did not pay the ransom and is working to restore access to files in its previous Meditech EHR database, which it stopped using in August 2017, according to the privacy incident statement. While the medical records in the Meditech database were not affected, Rangely District Hospital's proprietary software used to access the medical records was infected by the ransomware. As a result, the hospital lost access to medical records entered in the database between August 2012 and August 2017. The attack also affected access to medical records of patients who received home health services between June 2019 and April 2020. 

The medical records that were encrypted by the ransomware may include information such as names, Social Security numbers, addresses, health insurance and billing information, and diagnoses and conditions. No credit card, debit card or bank information was involved, and none of the files were viewed or exported from the hospital's systems. 

Rangely District Hospital is providing free identity theft protection services for individuals affected by the incident for one year. The hospital has also increased security measures, including changing how its network can be accessed remotely, and is researching data backup options. 

More articles on cybersecurity: 
Health systems can use PHI to contact former COVID-19 patients on blood, plasma donation without violating HIPAA: 3 details
10 common reasons for HIPAA violations
MU Health Care reports PHI breach due to affiliated students' email accounts

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers