Kalispell Regional Healthcare is facing a second lawsuit over its handling of a data breach last year of up to 130,000 patients' medical and financial information. Court documents allege the hospital was negligent in its cyber security practices and put patients at risk by not immediately alerting them about the breach.
Kalispell Regional Healthcare announced back in October that hackers accessed some patients’ private information as early as May of 2019.
KRH says it didn’t discover the breach until August and officials took about two months to determine which patients were impacted. The latest lawsuit over the breach was filed in U.S District Court in Missoula on Dec. 24. It argues the healthcare provider maintained its computer systems in a “reckless manner.” It also alleges that KRH failed to properly monitor systems containing patient data and could have discovered the breach much sooner.
Like another lawsuit filed in November, plaintiffs say KRH should have immediately alerted all patients as soon as the cyber attack was discovered. By delaying, the lawsuits say, it put patients at increased financial risk. One of the plaintiffs in the latest lawsuit says she received fraudulent charges on financial accounts as a result of the breach.
Both cases could be certified as class action lawsuits and are seeking compensation for affected patients. KRH declined to provide a new comment on the latest lawsuit and the Missoula-based law firm representing the two plaintiffs did not return a call for comment in time for this story.