Kalispell Regional Healthcare (KRH) have notified 129,000 patients whose personal information may have been compromised.
The breach, which occurred in June, was due to an email phishing scam that had been targeting employees. Subsequently, many had unwittingly provided their workplace email login credentials to the threat actors.
It was discovered that the unauthorised access to patients’ information may have started from as early as May 24. The exposed data included; names, addresses, medical record numbers, dates of birth, phone numbers, email addresses, medical history, treatment information, treating and referring physicians, medical bill account number and more.
It is also believed that the cyber-attack also exposed the Social Security numbers of approximately 250 patients.
Once learning about the attack, all employees’ email accounts were immediately disabled, and federal law enforcement were notified. Additionally, KRH launched an investigation with the digital forensics firm Kroll.
In a statement, KRH CEO and president, Craig Lambrecht wrote: “Although there is no indication that the information was misused, we have mailed notification letters to potentially-impacted patients to make them aware of the event and the steps they can take to protect information.
“All notified patients are being offered complimentary fraud consultation and identity theft restoration services. In addition, the notification letters may also offer affected individuals 12 months of web and/or credit monitoring services at no charge, depending on what information was involved for that individual.”
Patients are advised to review account statements and report any suspicious activity to the authorities
“We are committed to protecting the privacy of our patients and have taken steps to prevent similar events from occurring in the future,” Lambrecht said. “In addition, we will work with the authorities to hold the perpetrators accountable for this attack against your privacy.”
The post #Privacy: Montana healthcare service announces data breach appeared first on PrivSec Report.