[BreachExchange] Montana health system alerts 130, 000 patients of data breach

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/montana-health-system-alerts-130-000-patients-of-data-breach.html

Kalispell (Mont.) Regional Healthcare began notifying nearly 130,000
patients Oct. 23 that their information may have been exposed due to a
phishing attack, according to the Flathead Beacon.

The health system discovered in June that several employees had
provided their credentials to an unauthorized third party. Upon
investigation, KRH determined that the hacker may have been able to
access data from as early as May.

Patient data that may have been affected included names, addresses,
medical record numbers, dates of birth, telephone numbers, email
addresses, medical histories and treatment information, dates of
services, treating and referring physicians, medical bill account
numbers and health insurance information. Fewer than 250 patients may
have had their Social Security numbers affected.

When KRH discovered that the employees had fallen victim to a phishing
attack, the health system immediately disabled the email accounts.

"We are committed to protecting the privacy of our patients and have
taken steps to prevent similar events from occurring in the future,"
said Craig Lambrecht, MD, CEO of the health system, according to the
Flathead Beacon. "In addition, we will work with the authorities to
hold the perpetrators accountable for this attack against [patient]
privacy."

"Our relationship with our patients is our most valued asset," he
said. "I want to personally express my deepest regret for any
inconvenience that these criminal actions may have caused [patients
and their families]."

While there is no evidence that patient information has been misused,
KRH is offering patients free credit and identity theft monitoring
services for a year. The health system has since taken further steps
to minimize the chances of a similar incident happening.