Kalispell Regional Healthcare Data Breach (2019)

Kalispell (Mont.) Regional Healthcare began notifying nearly 130,000 patients Oct. 23 that their information may have been exposed due to a phishing attack. The health system discovered in June that several employees had provided their credentials to an unauthorized third party. Upon investigation, KRH determined that the hacker may have been able to access data from as early as May. Patient data that may have been affected included names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, medical histories and treatment information, dates of services, treating and referring physicians, medical bill account numbers and health insurance information. Fewer than 250 patients may have had their Social Security numbers affected. When KRH discovered that the employees had fallen victim to a phishing attack, the health system immediately disabled the email accounts.