KALISPELL, Mont., Oct. 22, 2019 /PRNewswire/ -- Despite being named in the top quartile for data security readiness by a third party firm, Kalispell Regional Healthcare (KRH) was recently the victim of a highly sophisticated attack on its information technology systems. Safeguarding our patients and their personal information is a top priority, and we want our community to be aware of what happened and how we have addressed it.
This summer we discovered that several employees were victims of a well-designed email that led them to unknowingly provide their KRH login credentials to malicious criminals. We immediately disabled their accounts, notified federal law enforcement, and launched an investigation, which was performed by a nationally recognized digital forensics firm, to determine whether any personal information was affected. On August 28, 2019, we learned that some patients' personal information may have been accessed, without authorization. A deeper investigation specifically determined which patients' information may have been accessed as early as May 24, 2019.
Different information may have been involved for each person. The information may have involved a patient's name, Social Security number, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating/referring physician, medical bill account number and/or health insurance information.
Although there is no indication that the information was misused, KRH has mailed notification letters to potentially-impacted patients to make them aware of the event and the steps they can take to protect their information. All notified patients are being offered complimentary fraud consultation and identity theft restoration services. In addition, the notification letters may also offer affected individuals 12 months of web and/or credit monitoring services at no charge, depending on what information was involved for that individual. In addition, we have taken further steps to revise procedures that will minimize the risk of a similar event from happening again.
KRH has also provided a toll-free call center that individuals can call to ask questions or learn additional information. The telephone number for the call center is 1-877-514-0850. It is available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time. We encourage any person who believes that they may have been affected by this incident to take steps to protect their personal information. Such steps may include reviewing account statements, reporting suspicious activity to the authorities, and placing security freezes on credit files.
"We are committed to protecting patients' privacy and have taken steps to prevent similar events from occurring in the future. In addition, the organization will work with the authorities to hold the perpetrators accountable for this attack against patients' privacy," said Craig Lambrecht, KRH President and CEO. "We value our relationships with our patients and our community and regret any inconvenience that these criminal actions may cause patients and their families."