[BreachExchange] Colorado hospital loses access to 5+ years of patient medical records in ransomware attack

Destry Winant destry at riskbasedsecurity.com
Wed Jun 17 10:09:25 EDT 2020


Rangely (Colo.) District Hospital on June 8 began notifying patients
of a ransomware attack on its computer systems April 9 that resulted
in the loss of access to several years of patients' medical records.

The hospital did not pay the ransom and is working to restore access
to files in its previous Meditech EHR database, which it stopped using
in August 2017, according to the privacy incident statement. While the
medical records in the Meditech database were not affected, Rangely
District Hospital's proprietary software used to access the medical
records was infected by the ransomware. As a result, the hospital lost
access to medical records entered in the database between August 2012
and August 2017. The attack also affected access to medical records of
patients who received home health services between June 2019 and April

The medical records that were encrypted by the ransomware may include
information such as names, Social Security numbers, addresses, health
insurance and billing information, and diagnoses and conditions. No
credit card, debit card or bank information was involved, and none of
the files were viewed or exported from the hospital's systems.

Rangely District Hospital is providing free identity theft protection
services for individuals affected by the incident for one year. The
hospital has also increased security measures, including changing how
its network can be accessed remotely, and is researching data backup

More information about the BreachExchange mailing list