{"id":25284,"date":"2024-10-17T22:50:29","date_gmt":"2024-10-18T04:50:29","guid":{"rendered":"https:\/\/dh.durangoherald.com\/tj\/hackers-leak-thousands-of-confidential-files-from-axis-health-system\/"},"modified":"2026-03-30T23:14:04","modified_gmt":"2026-03-31T05:14:04","slug":"hackers-leak-thousands-of-confidential-files-from-axis-health-system","status":"publish","type":"post","link":"https:\/\/dh.durangoherald.com\/tj\/hackers-leak-thousands-of-confidential-files-from-axis-health-system\/","title":{"rendered":"Hackers leak thousands of confidential files from Axis Health System"},"content":{"rendered":"\n

\"Axis
Axis Health System was the victim of a cyberattack that led to the release of thousands of documents including confidential patient records. (Shane Benjamin\/Durango Herald file)<\/span>cca<\/span><\/figcaption><\/figure>\n<\/p>

Confidential files from Axis Health System that contain sensitive information including patient names, their addresses, treatment records and other personally identifying information were leaked by hackers Thursday.<\/p>\n

Rhysida, a ransomware group, breached the health system last week and demanded 25 bitcoin \u2013 about $1.6 million \u2013 in ransom by Thursday. According to the group\u2019s website, some of the 2.8 terabytes of data stolen was sold and the rest was posted on the dark web.<\/p>\n

Axis provides mental and behavioral health, as well as substance use treatment at 13 locations<\/a> across the Western Slope.<\/p>\n

Hundreds of thousands of leaked documents, some of which were reviewed by The Durango Herald<\/em>, contain not only sensitive employee information, but also confidential patient records protected under the Health Insurance Portability and Accountability Act.<\/p>\n

Two Axis employees confirmed to the Herald<\/em> that confidential information found in the files was accurate.<\/p>\n

\u201cIt\u2019s pretty worrisome, for sure,\u201d said one employee who the Herald<\/em> is not naming because she was not authorized to speak for the organization. \u201cWe\u2019re all scrambling.\u201d<\/p>\n

Axis spokeswoman Haley Leonard-Saunders confirmed Tuesday that there had been a cyberattack. She was tight-lipped Thursday and said that an active investigation was ongoing.<\/p>\n

\u201cNothing has changed,\u201d she said.<\/p>\n

In a news release published<\/a> after Axis was contacted by the Herald,<\/em> the health system confirmed the publication of internal information and said the breach had occurred between July 9 and Sept. 4.<\/p>\n

Leonard-Saunders confirmed that anyone impacted would be notified directly by mail.<\/p>\n

In a previous email, she said that Axis quickly followed its incident response protocol and took immediate steps to stop the unauthorized activity and investigate the nature and scope of the incident.<\/p>\n

Ransomware attacks on health care systems are increasingly common<\/a>, said cybersecurity expert Jack Danahy, vice president at Vermont-based NuHarbor Security, because the data those systems retain is considered sensitive and valuable.<\/p>\n

\u201cAs criminals, the attackers go after them because, No. 1, they\u2019re likely to pay the ransoms because they\u2019re trying to help people with health care,\u201d Danahy said. \u201cThe second reason is that the data that they steal, if they don\u2019t get what they\u2019re looking for, is more valuable to sell on the market.\u201d<\/p>\n

Rhysida, the group responsible, has been around for some time, Danahy said, but has risen to prominence and was the subject of a warning from federal law enforcement<\/a> last year.<\/p>\n

The group was responsible for a monthslong leak at the Lurie Children\u2019s Hospital <\/a>earlier this year that led to the breach of records belonging to 800,000 patients and left the hospital\u2019s systems offline for several months.<\/p>\n

Danahy said it was laudable that Axis was able to bring its system back online so quickly after the breach, given that many organizations are not able to do so.<\/p>\n

\u201cThat part is good,\u201d he said. \u201cNow that the data is out there, there is really very little that the organization can do to sort of retrieve it.\u201d<\/p>\n

Axis\u2019 next steps are likely to be oriented toward preventing future attacks.<\/p>\n

Leonard-Saunders did not address whether the Axis had opted to pay the ransom.<\/p>\n

\u201cWe\u2019re working with experts and we brought in people who specialize in this,\u201d she said.<\/p>\n

Danahy added that paying the ransom is generally not advisable.<\/p>\n

\u201cWe\u2019ve seen, historically, that in many cases, even when the ransom is paid, the data still gets out,\u201d he said. \u201cSo there is no guarantee that once the ransom is paid that it won\u2019t happen anyway, because we are dealing with criminals.\u201d<\/p>\n

rschafir@durangoherald.com<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

sensitive information was released after cyber attacks and $1.6 million ransom demand<\/p>\n","protected":false},"author":1,"featured_media":25285,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[2511,168,1503,28],"naviga_topic":[],"class_list":["post-25284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-axis-health-system","tag-crime","tag-fraud","tag-headlines"],"acf":[],"author_name":"dh_admin","_links":{"self":[{"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/posts\/25284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/comments?post=25284"}],"version-history":[{"count":1,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/posts\/25284\/revisions"}],"predecessor-version":[{"id":78871,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/posts\/25284\/revisions\/78871"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/media\/25285"}],"wp:attachment":[{"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/media?parent=25284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/categories?post=25284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/tags?post=25284"},{"taxonomy":"naviga_topic","embeddable":true,"href":"https:\/\/dh.durangoherald.com\/tj\/wp-json\/wp\/v2\/naviga_topic?post=25284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}