Colorado-based Axis Health System is facing a “cyber incident,” according to a notice posted to the provider’s website.
The provider — which offers primary care, dental services, mental healthcare and substance use treatment at 13 locations in southwest and western Colorado — said in the post it’s still investigating the incident.
Axis’ primary care patient portal is offline, according to the provider. Axis said patients will be notified via mail if their data was compromised.
Dubai-based cybersecurity firm HackManac said in a post on X that Rhysida, a ransomware group that has previously targeted the healthcare sector, claimed responsibility for the incident. The group is seeking a nearly $1.6 million ransom, according to the post.
????Cyberattack Alert ‼️
????????USA – Axis Health System, Rhysida Demands 25 BTC
Rhysida hacking group claims to have breached Axis Health System.
Ransom demand: 25 BTC (approx. $1,580,000).
Ransom deadline: 17th Oct 24. pic.twitter.com/mjSEwCHgOb
— HackManac (@H4ckManac) October 10, 2024
Axis did not respond to a request for comment by press time.
Cybersecurity in healthcare has become an increasingly pressing concern. The number of data breaches related to hacking and ransomware, a type of malware that denies users access to their data until a ransom is paid, has increased over the past five years.
Attacks on the industry can have serious consequences for patient care. Nearly 70% of healthcare IT and security professionals reported patient care disruptions after a cyberattack, including worse outcomes due to care delays and increased patient mortality rates, according to a recent survey by cybersecurity company Proofpoint and research firm Ponemon Institute.
Lawmakers and regulators have also turned their attention to shoring up healthcare cybersecurity. Last month, Sens. Ron Wyden, D-Ore., and Mark Warner, D-Va., released legislation that would set cyber standards for the sector, as well as send funds to hospitals to help them adopt the practices.
