Application security, Malware, Phishing

Phishing scam behind Kalispell Regional Healthcare data breach


Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients’ health information.

The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH’s system, the hospital said in a statement.

“This summer we discovered that several employees were victims of a well-designed email that led them to unknowingly provide their KRH login credentials to malicious criminals,” KRH said.

The hospital learned on August 28, 2019 that some patient information had been accessed by unauthorized personnel and an investigation into this incident led the KRH IT team to discover patient information had been exposed as far back as May 24, 2019.

The Flathead Beacon reported the hospital is notifying 130,000 patients that their data may have been compromised. Once the intrusion was uncovered, the hacked staff accounts were disabled, and the health care provider notified federal law enforcement and launched an investigation to determine the extent of the damage.

The information exposed may differ from person to person, but generally it is believed to include names, Social Security numbers addresses, medical record numbers, dates of birth, telephone numbers, email addresses, medical histories and treatment information, dates of service, treating/referring physicians, medical bill account numbers and/or health insurance information.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.