Kalispell Regional Healthcare (KRH) announced Tuesday that an email data breach this summer may have exposed the personal and private healthcare information of nearly 130,000 of its patients.
Information exchanged in emails with KRH staff, such as names, addresses and some Social Security numbers as well as personal medical information, could have been accessed as early as May 24.
KRH spokesperson Mellody Sharpton says the breach was discovered in late August. She says the company waited until a forensic investigation was done to find what specific information was accessed before notifying patients.
“We discovered that multiple employees had provided their email credentials to unauthorized malicious criminals by way of a phishing scam,” Sharpton says.
Sharpton says federal authorities were immediately notified and that KRH hired a digital forensics firm to conduct the investigation. She says the investigation into the incident concluded last week and that there are no signs the information has been misused. KRH sent letters out to affected patients Tuesday.
“Different information may have been involved for each person, but all notified individuals are being offered complimentary fraud consultation and identity theft restoration services. The notification letters may also offer affected individuals 12 months of complimentary monitoring services,” Sharpton says.
The hospital also opened a dedicated call center to help patients sign up for those services and answer any questions they may have.