Axis Health System, the operator of mental health and substance use treatment facilities across Southwest Colorado, is investigating a cyberattack. Whether patient data was breached remains unknown as Axis remains tight-lipped on the incident.
“I can confirm that Axis experienced a cyber incident,” said Axis spokeswoman Haley Leonard-Saunders in an email to The Durango Herald. “Upon discovery, Axis quickly followed its incident response protocol and took immediate steps to stop the unauthorized activity and investigate the nature and scope of the incident.”
Incident protocol was followed, the FBI was notified and a private contractor is investigating the incident, Leonard-Saunders said. A notice on Axis’ website states that if it is determined that patient data was impacted, affected individuals will be notified directly by mail.
Axis’ patient portal is nonoperational for reasons unrelated to the cyber attack. All impacted systems were brought back online by Tuesday morning.
Leonard-Saunders said no other details were available while the investigation was ongoing, and there was no estimate on when the investigation would conclude.
🚨Cyberattack Alert ‼️
— HackManac (@H4ckManac) October 10, 2024
🇺🇸USA - Axis Health System, Rhysida Demands 25 BTC
Rhysida hacking group claims to have breached Axis Health System.
Ransom demand: 25 BTC (approx. $1,580,000).
Ransom deadline: 17th Oct 24. pic.twitter.com/mjSEwCHgOb
Rhysida, a ransomware group, claimed responsibility for the attack, according to a post on X, formerly known as Twitter, by the cybersecurity firm HackManac. The post includes a screenshot of a notice allegedly posted by Rhysida demanding 25 bitcoin – approximately $1.6 million – in ransom for Axis’ data by Thursday. Details of what data the group may have were not specified.
rschafir@durangoherald.com