Data breach at Rocky Mountain Gastroenterology impacted 366,000 patients

Littleton, Colorado-based healthcare provider Rocky Mountain Gastroenterology said that the data security incident it suffered in September compromised the sensitive personal information of more than 366,000 patients.

 

In a notice of data security incident on its website, Rocky Mountain Gastroenterology (RMG) said that on September 13, it became aware of a significant cyber security incident that affected its internal network. 

 

The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected systems and notified law enforcement about the incident.

 

“RMG’s investigation determined that an unauthorised party accessed certain files from its network and determined that some of those files contain patient information,” reads the notice.

 

The compromised data included names, dates of birth, addresses, medical record numbers, patient account numbers, Social Security numbers, health insurance identification numbers, diagnoses and treatment information.

 

RMG notified the U.S. Department of Health and Human Services that it has identified 366,491 individuals who were impacted by the incident.

 

The healthcare provider has started notifying affected patients and has set up a dedicated toll-free incident response line to answer questions related to the incident.

 

“We take this incident very seriously and sincerely regret any concern this may cause. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems,” RMG added.

 

In October, the MEOW Ransomware group claimed responsibility for the cyber attack on RMG and listed it as a victim on its data leak site. The group claimed to be in possession of 80 GB of data stolen from RMG and threatened to leak the same unless its ransom demand wasn’t met.

 

 

Around the same time, RansomHub ransomware and Trinity ransomware groups also claimed to have breached the internal network of Rocky Mountain Gastroenterology and listed it as a victim on their leak sites.