Kalispell Regional Healthcare based in Montana is charged with another legal case on account of the May 2019 phishing attack that allowed cybercriminals to access certain employees’ email accounts.
Kalispell Regional Healthcare knew about the breach on August 28, 2019. Based on the investigation results, the hackers got access to the employees’ email accounts on May 24, 2019 and likely viewed patient information. The forensics team found approximately 140,209 patients’ protected health information (PHI) stored in the accounts.
The substitute breach notification posted on Kalispell Regional Healthcare’s website stated that the breach compromised the following data: names, phone numbers, addresses, email addresses, treatment information, medical insurance information, dates of service, names of treating and referring doctors, and medical invoice account numbers. The Social Security number of about 250 patients were likewise compromised. Kalispell Regional Healthcare provided the affected patients with credit monitoring and identity theft protection services at no cost and fortified its email security.
Attorney John Heenan filed the first lawsuit in the Cascade County District Court in Great Falls, MT for William Henderson on November 25, 2019 over the compromise of his personal data. The lawsuit states that Kalispell Regional Healthcare neglected to undertake the required actions to secure patient data and not follow the industry’s best practices to secure patient data. Henderson alleged that the breach increased his risks of identity theft and fraud. Nonetheless, there is no proof that his personal information had become misused at the time of the lawsuit filing. The lawsuit claims the violation of the Montana Uniform Health Care Information Act by the healthcare provider.
Attorney William Rossbach registered the second legal case on December 24, 2019 on behalf of Annette Nevidomsky and another Kalispell Regional Healthcare patient. The lawsuit furthermore alleges the violation of the Montana Uniform Health Care Information Act by Kalispell Regional Healthcare. Nevidomsky alleges that she suffered fraud after the breach and had unauthorized charges on her accounts.
The two lawyers are looking to get class-action status for the lawsuits.