Cyberattack on Kalispell Regional breaches patient data

Print Article

Nurses work in the new ER wing at Kalispell Regional Medical Center. (Casey Kreider/Daily Inter Lake FILE)

A data breach at Kalispell Regional Healthcare earlier this year may have compromised the personal information of nearly 130,000 patients, hospital officials reported on Tuesday.

Kalispell Regional said the hackers used fraudulent emails to bait employees into providing login credentials. The hospital did not know the extent of attack, which happened in May, until an outside forensic firm concluded its investigation in late August. A deeper investigation has since identified the specific patients who were affected.

The vulnerable information is different for each patient, but could involve names, addresses, phone numbers, medical bill account numbers, health insurance information and medical history. The hospital estimates about 250 patients may have had their Social Security numbers taken.

Of those affected, 90 percent are Montana residents.

Patients seen exclusively at North Valley Hospital, an affiliate of Kalispell Regional Healthcare, should not be affected. But North Valley patients often receive services from Kalispell Regional Medical Center and could be affected if they have done so, according to Kalispell Regional spokeswoman Mellody Sharpton.

Kalispell Regional is in the process of mailing notification letters to all those affected, which patients should receive in the coming days. The letters will tell patients what types of their personal information might have been taken and will provide steps to protect that information.

The hospital is offering all notified patients complimentary fraud consultation and identity theft restoration services. Certain patients will also receive 12 months of free web or credit monitoring services, depending on that patient’s affected information.

The forensic firm that performed the investigation was not able to track the source of the attack.

“This wasn’t your everyday, average hacker. They were very sophisticated at disguising their tracks,” said Melanie Swenson, director of information technology at Kalispell Regional Healthcare. She added that her department blocks about 50,000 incoming email threats per day.

Since the breach, the hospital has taken steps to minimize the chance of another breach, such as helping employees learn how to identify suspicious emails.

“This is an educational moment. I don’t think people realize how robust” the IT system has to be to handle outside threats, Swenson said.

A 2018 audit by cybersecurity consulting firm CynergisTek found Kalispell Regional was in the top 9% of organizations in the health-care industry for cybersecurity compliance.

“We are committed to protecting patients’ privacy,” Craig Lambrecht, chief executive officer of Kalispell Regional Healthcare, said in a media statement. “In addition, the organization will work with the authorities to hold the perpetrators accountable for this attack against our patients’ privacy.”

Hospital data breaches are becoming increasingly common, according to the U.S. Department of Health and Human Services Office for Civil Rights. Within the last 90 days, 23 hospitals in the United States have reported data breaches affecting at least 500 individuals.

Montana hospitals have experienced 16 “data security incidents” since 2011, the Office for Civil Rights reports, including large data breaches at the Billing Clinic and Bozeman Deaconess Hospital.

For more information, Kalispell Regional is directing patients to call its designated help line at 1-877-514-0850.

Print Article

Read More Breaking News

Trump pardons ex-San Francisco 49ers owner DeBartolo Jr.

AP

February 18, 2020 at 1:09 pm | WASHINGTON (AP) — President Donald Trump on Tuesday pardoned Edward DeBartolo Jr., the former San Francisco 49ers owner convicted in a gambling fraud scandal who built one of the most successful NFL ...

Comments

Read More

Bigfork blaze destroys Eagle Bend clubhouse

February 16, 2020 at 5:05 pm | Daily Inter Lake A fire destroyed the clubhouse at Eagle Bend Golf Club early Sunday morning in Bigfork. No one was injured in the fire. Bigfork Fire Department Chief Mark Thiry said the call came in at 2 a.m. when...

Comments

Read More

Suspect taken into custody after standoff

February 12, 2020 at 1:16 pm | Daily Inter Lake A suspect was taken into custody early Wednesday afternoon at a mobile home park off Whitefish Stage Road following an incident that lasted several hours and involved the Kalispell Police Departmen...

Comments

Read More

Firefighters halt Alberton church blaze

February 04, 2020 at 1:35 pm | Daily Inter Lake Mineral County law enforcement officials are investigating a suspicious fire that damaged the United Methodist Church in Alberton in the early-morning hours Monday. According to Mel Holtz of the Fre...

Comments

Read More

Contact Us

(406) 755-7000
727 East Idaho
Kalispell, MT 59901

©2020 Daily Inter Lake Terms of Use Privacy Policy
X
X