Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare

A second lawsuit has been submitted against Kalispell Regional Healthcare in Montana in relation to a May 2019 phishing attack that resulted in the email accounts of some of its employees accessed by hackers.

Kalispell Regional Healthcare became aware of the breach on August 28, 2019. The investigation showed that the hackers gained access to staff email accounts on May 24, 2019 and potentially accessed patient data. A forensic investigation showed that the accounts included the protected health information of as many as 140,209 patients.

In the Kalispell Regional Healthcare substitute breach notification published on the group’s internal website it was revealed that the following information was compromised in the breach: Names, addresses, email addresses, telephone numbers, dates of service, treatment details, health insurance data, treating and referring physicians’ names, and medical bill account numbers. Kalispell Regional Healthcare said 250 or fewer patients had their Social Security number made accessible. Patients impacted by the breach were offered complimentary credit monitoring and identity theft protection services and steps have been taken to enhance email security.

The first lawsuit was submitted on November 25, 2019 in the Cascade County District Court in Great Falls, MT by attorney John Heenan on behalf of William Henderson, whose personal information was made accessible in the breach. The lawsuit claims that the healthcare provider was negligent for failing to take proper steps to secure patient data and that industry best practices for securing patient data were not adhered to. Henderson alleges he faces a heightened risk of identity theft and fraud as a result of the breach, but it does not appear that his personal information has been misused at the time that the lawsuit was filed. The lawsuit alleges breaches of the Montana Uniform Health Care Information Act.

The second lawsuit was submitted on December 24, 2019 by attorney William Rossbach on behalf of two patients who were targeted as apart of the breach. The lawsuit also claims Kalispell Regional Healthcare breached the Montana Uniform Health Care Information Act. One of the patients, Annette Nevidomsky, claims she was a victim of fraud and had unauthorized charges on her accounts as a result of he breach.

Both attorneys are seeking class action status for their legal actions.

Author: Maria Perez