Kalispell Regional Healthcare in Montana is facing another lawsuit that was filed because of the May 2019 phishing attack that resulted in the access of some employees’ email accounts by cybercriminals.
Kalispell Regional Healthcare discovered the occurrence of the breach on August 28, 2019. According to the investigation, the hackers accessed the email accounts of employees on May 24, 2019 and possibly viewed patient data. The forensics team confirmed that the accounts stored the protected health information (PHI) of approximately 140,209 patients.
The substitute breach notification of Kalispell Regional Healthcare posted on its website confirmed the breach of the following information: names, telephone numbers, addresses, email addresses, dates of service, treatment details, medical insurance details, treating and referring doctors’ names, and medical invoice account numbers. The Social Security number of 250 or less Kalispell Regional Healthcare patients were also exposed. Patients impacted by the breach received free credit monitoring and identity theft protection services. The provider also took the required steps to enhance email security.
The first legal action was filed in the Cascade County District Court in Great Falls, MT on November 25, 2019 by attorney John Heenan for William Henderson, who had his personal data compromised in the breach. The lawsuit claims that Kalispell Regional Healthcare was negligent for not taking the necessary steps to protect patient information and not following the industry’s best practices to protect patient information. Henderson alleged that he faces more risks of identity theft and fraud because of the breach, however, it doesn’t seem that his personal data had been misused when he filed the lawsuit. The lawsuit claims that the healthcare provider violated the Montana Uniform Health Care Information Act.
Attorney William Rossbach filed the second lawsuit on December 24, 2019 on behalf of two patients. The lawsuit likewise alleges that Kalispell Regional Healthcare had committed a violation of the Montana Uniform Health Care Information Act. Annette Nevidomsky, one of the two patients, alleges she was a fraud victim and got unauthorized bills on her accounts after the breach.
The two lawyers are trying to get class-action status for their cases.