130,000 Patients Affected by Kalispell Healthcare Ransomware Attack

In 2019, Kalispell Regional Healthcare in Montana was hit with a ransomware attack that compromised personal patient information.

About the Kalispell Regional Healthcare Data Breach

According to a statement posted by the healthcare center on Oct. 22, 2019, Kalispell Regional Healthcare’s systems were breached by ransomware thieves in early 2019. The health center discovered the breach over the summer when it came to light that a phishing email scam had led several employees at the health center to unknowingly hand over their login credentials to criminals.

Following the realization that patient data had been breached, the employee accounts were disabled and law enforcement was notified. Measures were also put in place to minimize the risk of future data breaches, but the damage was already done.

According to Kalispell, the patient data breach may have resulted in third-party access to patient records as early as May 24, 2019. The personal information compromised by the breach may have been different for each specific patient, but could have involved the theft of names, addresses, Social Security numbers, dates of birth, medical record numbers, phone numbers, email addresses, medical history, treatment history, dates of treatments and services, physician names, billing account numbers, and health insurance information. Approximately 130,000 patients are believed to have been affected by the breach.

The medical center claims that there is no evidence that this data was misused by the criminals. However, the center has still taken steps to inform patients who may have been affected by the data breach that their personal information was potentially compromised. Additionally, impacted patients have been offered 12 months of free credit monitoring services.

As stolen personal information may be used to commit a variety of crimes, including identity or financial theft, it is imperative that patients who may have had their data accessed by the ransomware thieves be informed of the potential risks.

As reported by the Missoulian, at least one patient of Kalispell has filed a lawsuit against the medical center regarding the data breach, claiming that the center failed to adequately protect patient information, in addition to neglecting to inform patients of the breach in a timely manner. Although there is no evidence that the plaintiff’s own information was misused by the ransomware thieves, he claims that the hospital’s negligence left him and other patients vulnerable to potential fraud and theft.

Dangers of Hospital Ransomware Attacks

Attacks focused on hospitals and other medical centers by ransomware thieves have been increasing over the past several years. According to research from RiskIQ, the frequency of these attacks against healthcare facilities has increased by 35 percent between 2016 and 2019.

These attacks are often a way for thieves to take control of a hospital’s medical records and hold them hostage, refusing to release the sensitive information back to the hospital unless a financial ransom is paid, usually through Bitcoin or another digital currency.

While many medical centers give in to these demands and pay to restore their systems, the FBI has recommended against paying ransomware thieves out of the fear that it may incentive future attacks. Some hospitals are able to gain control of their systems on their own or restore their records through backup copies.

Although the goal of ransomware attacks is to force hospitals to pay thieves financial sums, research into these attacks seems to indicate that ransomware thieves may be intentionally targeting public health systems, smaller hospitals, and medical centers. Smaller organizations may not be able to pay out as much as larger hospital systems, but the appeal of these smaller centers may be due to their probable lack of resources for strong IT support which means they may be easier to compromise. Approximately 70 percent of these attacks are leveraged at centers with 500 or fewer employees.

Patients whose personal data is exposed by these attacks may be at risk of having their identity stolen by the thieves. Information including Social Security numbers, full names, and birth dates may be used to open lines of credit in victims’ names and rack up debt or can be sold on the dark web. Thieves who gain access to sensitive medical information including medical records may also be able to use this data to blackmail victims.

If your medical information was compromised in the Kalispell Regional Healthcare data breach or another hospital ransomware attack, you may be entitled to open or join a class action lawsuit against the medical center for failing to protect your medical records. Victims who hire a qualified attorney to review their case may be able to pursue compensation for these data breaches.

Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation

If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.