BE ON THE LOOKOUT (BOLO): Individual Impersonating Physician

 

To: Administrators and Managers  From: Jo Tansey, Branch Chief, Acute and Nursing Facilities, Health Facilities and Emergency Medical Services Division Please see this Be On the Lookout (BOLO) alert from HCA HealthONE, regarding an individual impersonating a doctor and attempting unauthorized access to multiple healthcare facilities.  While this BOLO alert was issued by Swedish Medical Center, this individual could attempt to do the same at other facilities. If you come into contact with this individual, please contact your local police.  If you have any questions about this message, please contact Melanie Roth @ 720-291-5929 or Melanie.Roth-Lawson@state.co.us.

Alert From Colorado Information Analysis Center: Block This Malicious Phone Number

 

To: Administrators and Managers  From: Jackie Erwin, Deputy Division Director, Health Facilities and Emergency Medical Services Division This morning, we were notified that the Colorado Information Analysis Center (CIAC) was informed of threat actors calling a hospital in the Kansas City region multiple times yesterday, May 22, 2025, claiming to be a different physician both times and identifying those physicians by first and last name. The caller asked for help logging on remotely and resetting their password. The male caller has a distinct accent and is very soft spoken and used the following number: 910-224-1962. CIAC recommends that your organization block the number provided above, as well as review the phone messages received this morning. If one of your users did interact with the threat actor and/or the provided number, please work with your IT team to determine the risk landscape and potential remediation steps. Additionally, take the time to communicate with individuals who interact with users over the phone about the proper procedures to verify the identity of the individuals who call. Please also remember to be cautious of phone calls from unverified numbers which are unexpected, estrangement demanding, or out of character.  Thanks for being vigilant and not becoming a victim. You are encouraged to reach out to the CIAC Cyber Unit and cdps_ciac_cyber@state.co.us if you have questions or require assistance.

Cyber Alert - ALPHV BlackCat Ransomware Advisory

 

To: Healthcare Providers From: Jo Tansey, Branch Chief, Acute and Nursing Facilities,  Health Facilities and Emergency Medical Services Division A joint cybersecurity advisory has been issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) that strongly advises healthcare organizations to implement the recommended mitigations to prevent a cyber attack from BlackCat/ALPHV group. While law enforcement was successful and caused a disruption for the ransomware group, the group claims it is still operational and is responding in force. The advisory includes updated information on the tactics, techniques, and procedures (TTPs) associated with the group and Indicators of Compromise (IoCs) from FBI investigations as recently as December 6, 2023.  In addition, the HIPPA Journal posted an article on December 20, ALPHV/BlackCat Claims Healthcare Restrictions Removed for Affiliates. If you experience any anomalous activity, please remember to report to the Cybersecurity & Infrastructure Security Agency (CISA) and the Colorado Information Analysis Center (CIAC) as well as the appropriate local and state authorities.

Department of Human Services issues cybersecurity threat

 

To: Healthcare Providers From: Greg Schlosser, Branch Chief, Health Care Education and Quality, HFEMSD The Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) is urging healthcare agencies and other critical infrastructure to take immediate action to patch and harden network systems against the ransomware threat “Citrix Bleed.” The vulnerability allows cyberthreat actors to bypass password requirements and multifactor authentication measures, to access private healthcare information. Read more. HC3 released a Sector Alert on November 30, 2023, which outlines patches, mitigations, and workarounds. Please review and share within your organization, as appropriate. We will forward any additional information we receive. For more information, contact Melanie.Roth-Lawson@state.co.us.

Situational Awareness Bulletin on Patient Files Infected with 'Ransom Ware'

Recently, hospitals have been infected with 'ransom ware' that has rendered patient files, equipment interfaces and email unusable. The spread of this type of infection is increasing and will likely impact more hospitals. Hospitals also incur premium charges to resolve the issue and return to normal operations. 

This Situational Awareness Bulletin provides additional information on the threat and guidance on minimizing the risk associated with it.

It is highly recommend medical facilities share this document with physicians that have independent practices as they may find this valuable to protect their medical files as well. Please keep in mind this document is not intended for the general public and should be restricted to the audience identified by the Colorado Information Analysis Center (CIAC).

CIAC Contact Information:
Toll Free: 877-509-2422 (24 hours)
Fax: 720-852-6758 
Email: cdps_ciac@state.co.us 
Website: http://www.dhsem.state.co.us/prevention-security/ciac