Cyber Incident Victim: Colorado Physician Partners
Date: Jan 2022
Location: United States of America
Summary
Colorado Physician Partners experienced a breach in which employee email accounts were accessed without authorization from a foreign IP address; the attacker then used a compromised account to send fraudulent invoices. The compromised mailboxes contained patient names, contact information, medical diagnoses, billing details, and insurance identifiers. In response, the organization secured the affected accounts, forced password resets, and expanded its security training to reduce the risk of recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In January 2022, Colorado Physician Partners (CPP) experienced a cybersecurity incident involving unauthorized access to employee email accounts. The sign-ins that compromised the accounts originated from a foreign IP address. Following the intrusion, the threat actor used one hijacked account to distribute a fraudulent invoice, confirming that the attacker had working control of the mailbox and, with it, access to its contents. The affected mailboxes held patient data including names, phone numbers, physical addresses, diagnoses, billing details, and insurance identification numbers. Public reports do not describe how the activity was detected, only that detection prompted immediate containment. CPP did not disclose the date of initial intrusion but confirmed that the fraudulent email activity occurred in January 2022. The breach affected 12,800 individuals, a mid-sized incident by the standards of healthcare breaches reported at the time.
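The pattern described above (a mailbox signed into from an unexpected country, then used to send mail) is one that sign-in logs can surface before a fraudulent invoice goes out. The following is an added example, not code from the original page or from Colorado Physician Partners: it parses a small constructed sign-in export, flags successful sign-ins from outside the organization's expected country set, flags rapid country changes for the same account (a simple impossible-travel check), and lists the accounts that should have sessions revoked and passwords reset. The log format, field names, account names, IP addresses and the six-hour travel window are all assumptions made for the example.

```python
"""Flag mailbox sign-ins from unexpected countries and rapid country changes.

Constructed example: the log lines below are made up for illustration and are
not from Colorado Physician Partners or any real tenant. The line format
(timestamp, account, source IP, GeoIP country, outcome) is an assumption that
loosely mirrors a generic cloud mailbox sign-in export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Countries from which this hypothetical US-only practice expects staff sign-ins.
EXPECTED_COUNTRIES = {"US"}

# Two successful sign-ins for one account from different countries closer
# together than this are treated as a rapid country change (impossible travel).
TRAVEL_WINDOW = timedelta(hours=6)

# Constructed sample log: ISO timestamp, account, source IP, GeoIP country, outcome.
SAMPLE_LOG = """\
2022-01-10T13:02:11Z billing@example-clinic.test 198.51.100.23 US success
2022-01-10T13:40:02Z billing@example-clinic.test 203.0.113.77 NG success
2022-01-10T14:05:45Z frontdesk@example-clinic.test 198.51.100.40 US success
2022-01-10T15:11:09Z billing@example-clinic.test 203.0.113.77 NG success
2022-01-11T02:17:30Z frontdesk@example-clinic.test 192.0.2.9 RU failure
2022-01-11T08:00:00Z frontdesk@example-clinic.test 198.51.100.40 US success
"""


def parse_log(text):
    """Turn the whitespace-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "country": country, "result": result,
        })
    return events


def foreign_successes(events, expected=EXPECTED_COUNTRIES):
    """Successful sign-ins whose GeoIP country is outside the expected set."""
    return [e for e in events
            if e["result"] == "success" and e["country"] not in expected]


def rapid_country_changes(events, window=TRAVEL_WINDOW):
    """Consecutive successful sign-ins per account from different countries
    that fall within `window`; returns (user, from_country, to_country, gap)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    hits = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            gap = cur["time"] - prev["time"]
            if prev["country"] != cur["country"] and gap <= window:
                hits.append((user, prev["country"], cur["country"], gap))
    return hits


def accounts_to_contain(events):
    """Accounts that should have sessions revoked and passwords reset."""
    flagged = {e["user"] for e in foreign_successes(events)}
    flagged |= {user for user, *_ in rapid_country_changes(events)}
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in foreign_successes(evs):
        print(f"foreign sign-in: {e['user']} from {e['ip']} ({e['country']}) "
              f"at {e['time']:%Y-%m-%d %H:%M}Z")
    for user, src, dst, gap in rapid_country_changes(evs):
        print(f"rapid country change: {user} {src} -> {dst} within {gap}")
    print("contain:", accounts_to_contain(evs))
```

On the sample data the billing mailbox is flagged twice (a sign-in from NG 38 minutes after one from US, then a second NG sign-in), while the failed attempt from RU against the front-desk mailbox is deliberately not counted as a takeover. GeoIP country is a weak signal on its own, since VPN and proxy exits can sit anywhere, so in practice the flagged accounts are a queue for session revocation and review of sent mail and inbox rules rather than a verdict.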

CPP responded by securing the compromised email accounts and resetting their passwords. The organization also expanded its security training to reduce future phishing and account-takeover risk. No evidence suggested intrusion beyond the email accounts. CPP did not report whether the fraudulent invoice resulted in financial losses or whether any affected patient experienced identity theft. The breach notification emphasized the exposure of clinical and billing information but did not specify whether Social Security numbers or financial account details were involved, and it does not say whether active sessions were revoked or mailbox rules reviewed, steps that a password reset alone does not cover. Regulatory notifications were completed in accordance with standard healthcare breach reporting requirements.
