Several employees at Kalispell Regional Healthcare provided attackers with their login credentials.
Photo/Thumb have been modified. Courtesy of EV_Korobov - stock.adobe.com.
A phishing attack at Kalispell Regional Healthcare might have affected nearly 130,000 patients’ personal health information, according to several news reports.
Mellody Sharpton, director of communications at Kalispell Regional Healthcare confirmed to Inside Digital Health™ that 129,641 patients are in jeopardy.
Employee neglect continues to remain an issue in healthcare as several employees at the Montana-based medical center fell victim to a well-designed email with a malicious link, Craig Lambrecht, M.D., president and CEO of Kalispell Regional Healthcare said in a notification of data security event letter. Following the link presented in the email, the employees provided their Kalispell Regional Healthcare credentials to cyberattackers.
Despite employees being trained on cybersecurity standards and threats continuously, several employees still clicked the link, Sharpton said.
Kalispell Regional Healthcare notified federal law enforcement after it became aware of the phishing attack over the summer. An investigation ran by a digital forensics firm helped unearth additional information about the cybersecurity attack. On Aug. 28, the medical center found out that some patients’ personal information could have been accessed. Further investigation determined specific patients whose information could have been accessed as early as May 24.
The information obtained by the cyberattackers could include:
There is no indication that the information was misused, Lambrecht claimed in the notification. Still, patients who were potentially impacted by the phishing attack received a letter in the mail.
Patients are being offered complimentary fraud consultation and identity theft restoration services. The affected patients also can get 12 months of web or credit monitoring services at no charge, depending on the information obtained on that specific individual.
The medical center is revising its procedures and continuously works to make its security systems more robust to prevent this from happening again, Sharpton said.
“We are committed to protecting the privacy of our patients and have taken steps to prevent similar events from occurring in the future,” Lambrecht said.
Get the best insights in digital health directly to your inbox.
Related
Ransomware Attack Forces 3 Hospitals to Turn Away Patients
Ransomware Attack Affects 320K, Medical Group Provides No Updates
FDA Warns Providers of Medical Device Cybersecurity Vulnerabilities
Cybersecurity panel: How hospitals can protect their patients and their systems
November 18th 2024Chief Healthcare Executive® presents the final installment in our series, with experts from HIMSS, the American Hospital Association, and Providence. In this episode, our panel offers advice on how health systems can improve.
Cybersecurity panel: Hospitals threatened by attacks aimed at vendors
November 4th 2024Chief Healthcare Executive presents another installment from our conversation on cybersecurity, with experts from the American Hospital Association, HIMSS and Providence. They talk about breaches tied to business partners.