Axis Health System, a nonprofit healthcare provider in Colorado, experienced a cyberattack claimed by the Rhysida ransomware gang, affecting its patient portal and compromising its systems between July and September 2024. The attackers demanded a $1.5 million ransom for data access. Axis detected irregular activity on August 26, promptly initiated an investigation, and took measures to contain the breach. While the impact on patient data is still under review, affected individuals will be notified by mail. Axis operates 13 facilities across southwest Colorado, and its primary care patient portal remains offline during the ongoing investigation.
Questions have arisen regarding the delay in taking the patient portal offline and the timing of Axis Health System's public announcement, which came only after the ransom demand was published. The delay may be attributed to the complexity of the investigation, as Axis likely needed time to assess the full scope of the breach before taking broader actions. Additionally, legal requirements and attempts to manage the situation without causing alarm may have influenced the timing. Only after the ransom was made public did Axis fully disable the portal, likely as a precaution to protect patient data.
