Cyber Incident Victim: Longs Peak Family Practice
Date: Nov 2017
Location: United States of America
Summary
Longs Peak Family Practice experienced a ransomware attack and subsequent unauthorized network intrusions, prompting immediate investigation and network security measures. Forensic experts confirmed hackers accessed parts of the system, though no specific evidence indicated patient data was viewed or exfiltrated. Malicious software installed during the incidents encrypted files and posed potential data exfiltration risks, creating uncertainty regarding health information compromise. The practice restored operations using secure backups but could not definitively rule out unauthorized access to protected health records due to the malware's capabilities.
Description
Longs Peak Family Practice, PC (LPFP) detected unauthorized hacking activity on November 5, 2017, triggering an immediate internal investigation and network security measures. Before LPFP could fully contain the intrusion, the attacker deployed malicious code including ransomware that encrypted files on the practice's computers. The organization relied on a separate secure backup of patient files to rebuild and restore its network infrastructure. Five days after the initial incident, on November 10, LPFP discovered a second unauthorized network intrusion that did not involve ransomware encryption. This second breach prompted the engagement of a specialized forensic firm to conduct a comprehensive investigation into both incidents, identify malware presence, and determine potential unauthorized data access.

The forensic investigation concluded on December 5, 2017, confirming unauthorized access to portions of LPFP's computer systems on November 5, 9, and 10. While investigators found no direct evidence that patient health information was accessed, copied, or removed from the network, they identified hacker-installed software capable of file exfiltration. The ransomware component had encrypted certain system files, creating uncertainty about whether health data might have been compromised during the encryption process or through other malicious tools. LPFP's examination confirmed no evidence of attackers opening patient files on their computers during the intrusion periods. Based on the forensic findings and inherent limitations in completely ruling out data exposure, the practice initiated patient notifications by December 27, 2017, disclosing the potential risk to protected health information while emphasizing their successful network restoration from secured backups.
