Kalispell Regional Healthcare reports a breach that may have affected 130,000 patients

Kalispell Regional Healthcare (KRH) in Montana recently announced an email data breach that may have exposed the protected heath information (PHI) of nearly 130,000 of its patients.

Several of the hospital’s employees were victims of a phishing email that led them to provide their hospital login credentials to hackers. The cyberattack may have exposed PHI including names, social security numbers, email addresses, medical history, and health insurance information.

According to KPH, the breach was discovered in late August and a thorough investigation into the breach was launched at that time. The investigation revealed that patient information may have been exposed as far back as May 24, 2019. KPH reports that about 90% of affected patients are Montana residents and the rest reside in other states or other countries.

The hospital sent letters to affected patients, notifying them of the breach and offering them complementary fraud consultation and identify theft restoration services. The hospital also opened a dedicated call center to help patients sign up for these services.