Signs of Ransomware Pop Up At Colorado Allergy Clinic

Healthcare and Public Health // Colorado, United States

A Glenwood Springs, Colo. medical office has sent out cautionary notices following the discovery a month ago of possible ransomware on its computer system.

Kari Hershey, an attorney for Allergy, Asthma & Immunology of the Rockies, P.C. (AAIR), said the problem became apparent when staff had trouble accessing a few documents on its system.

Because the system holds protected health information, such as test results and Social Security numbers, the clinic immediately shut down the server and contacted a forensic IT company to troubleshoot the disturbance.

The ransomware was still in its early stages when detected. There is no evidence that any of the information on the system has been copied or used in any way, although it did pass through a password-protected firewall.

“They weren’t able to track exactly what the hackers did, but what they did find was a draft of the ransom letter on the system,” Hershey said. “The way it was explained to me is that it essentially looked like the hackers were still testing out the ransomware.”

She said, by this point in the investigation, it likely would be known if sensitive information had been harvested. 

“Having said that, there was a breach of the system. Just out of an abundance of caution, we do want people to sign up for an identity theft protection program. That way if they do have a problem they can get help,” Hershey said.

The Glenwood Springs Police Department says the case is currently closed and inactive because the IP address of the attacker was traced back to Russia, far beyond the department’s jurisdiction.

The rest of the investigation likely will be handed over to the FBI.

H/T Databreaches.net