Cyber Incident Victim: Sunrise Community Health
Date: Sep 2019
Location: United States of America
Summary
Unauthorized access to employee email accounts at Sunrise Community Health occurred over several months, potentially exposing personal and health-related information including patient names, dates of birth, IDs, provider details, service dates, exam types and results, insurance information, medications, and diagnoses. The organization secured its systems, initiated an investigation with third-party forensic experts, and notified potentially affected individuals while offering complimentary credit monitoring and identity theft restoration services; evidence suggests the perpetrators targeted financial data, though unauthorized access to specific information remains unconfirmed.
Description
Sunrise Community Health in Colorado experienced a data security incident involving unauthorized access to employee email accounts. The organization discovered unusual activity in its email system, leading to an investigation launched on November 5, 2019, which confirmed personal information was present in the compromised accounts. Forensic analysis determined the unauthorized access occurred intermittently between September 11, 2019, and November 22, 2019. Evidence suggested the intruders specifically targeted payroll and invoice-related data, though investigators couldn't conclusively confirm whether any information was actually viewed or exfiltrated. The affected email accounts contained varying combinations of patient information including names, dates of birth, patient identification numbers, provider names, service dates, clinical exam types, general results, health insurance details, medication names, and diagnoses. Sunrise emphasized it had no evidence of actual misuse of the exposed data but initiated notifications out of caution given the sensitive nature of the information involved.

Upon detecting the breach, Sunrise immediately engaged third-party forensic specialists to investigate the incident's scope and secure its email environment. The organization implemented additional security enhancements to its systems while continuing the ongoing investigation. Sunrise notified potentially affected individuals about the exposure of their personal health information and offered complimentary credit monitoring and identity theft restoration services through Kroll for one year. A dedicated assistance line was established to address patient inquiries regarding the incident. The notification advised individuals to monitor account statements and credit reports for suspicious activity while providing protective guidance through Sunrise's website and mailed communications.
