Skip to Content

COVID-19 Info: Vaccines (5 & up) | Boosters | Testing | Visitor Guidelines | Stats | More

IMPORTANT NOTICE: COVID-19 testing appointments are not available at Cone Health emergency departments or urgent care locations. Click here for testing options.

Published on November 04, 2020

Cone Health Practice Hit in Ransomwear Attack

Patient information was not taken in the attack but is not recoverable.


Alamance Skin Center in Burlington was the victim of a ransomware cyber-attack. A thorough forensic investigation has concluded that no patient information was taken in the attack. However, patient data at the practice is unrecoverable.

Alamance Skin Center, a Cone Health practice since 2017, was attacked in late July. Alamance Skin Center’s electronic medical record system and servers are separate from the main Cone Health system. It is likely a phishing scam or brute force attack was used to gain access to the system. 

“While this attack was limited to this single practice, we use this as a learning opportunity across Cone Health,” says Frank Riccardi, vice president, chief compliance and privacy officer. “In fact, I urge everyone to learn from these instances as well. If you get an email asking for information such as passwords or to click to verify something, think twice. These attacks are getting extremely sophisticated. They are targeting families as well as businesses.” 

A recent article in Digital Trends finds cyber-attacks on health care up nearly 50% this year. Many of these are ransomware attacks, where a computer program is surreptitiously installed in a computer system and locks files unless a ransom is paid.    

While the information of Alamance Skin Center patients was not stolen, on October 21, we determined that the data is unrecoverable. People who have a scheduled appointment are asked to call the practice to confirm it. Patients of that practice will receive a letter from Cone Health with information on how they can protect themselves and monitor credit reports for suspicious activity if they remain concerned. 

As this cyber-attack is a reportable breach as defined by HIPAA, Cone Health is reporting it to the proper agencies. It has also been reported to law enforcement.