On February 22, 2022, patients of Logan Health Medical Center (formerly Kalispell Regional Healthcare) were notified that some of their personal information may have been subject to a hack on November 18, 2021. The medical center became aware of the breach on November 22, 2021 when it discovered that an unauthorized user had accessed information from a single file server. An estimated 213,543 patients may have been affected causing protected health information, such as name, address, medical record number, date of birth, telephone number, email address, diagnosis and treatment codes, dates of service, treating/referring physician, medical bill account number and/or health insurance information and Social Security numbers to have been exposed.
The hospital had previously been targeted in October, 2019 when, as Kalispell Regional Healthcare, a data breach provided access to the personal information of 125,805 Montana residents; in response, the organization settled a subsequent class action that had been filed, for $4.2 million and established a settlement fund to compensate impacted individuals. The hospital was again targeted in January, 2021.
In response to the most recent breach, the hospital has sent letters to the patients affected and posted the notification on its website and has offered free identity monitoring services for a year. However, as a result of the breach, a proposed class action was filed on March 9, 2022 in Montana’s Flathead County District Court, alleging that Logan Health had not taken enough data security precautions to prevent future breaches.
Logan Health has responded by pointing out that health systems are increasingly subject to data breaches affecting large numbers of people, citing the Department of Health and Human Services’ statistic that 709 breaches affecting over 45 million people occurred in 2021 alone. Staffing shortages, increases in remote work and the resulting lack of onsite IT support creating less secure environments and IT departments’ rapid move toward digital record-keeping have created pressure on the health care industry, particularly in the wake of the COVID-19 pandemic, subjecting health systems and hospitals to unprecedented numbers of cyberattacks.
Other recent healthcare-related data breaches in 2021 include attacks on:
- Newman Regional Health in Emporia, Kansas where the breach lasted nearly a year between January, 2021 and November, 2021 and impacted over 52,000 individuals;
- Urgent Team Holdings in Tennessee where a November 2021 attack impacted nearly 167,000 people;
- the Guidance Center in Northern Arizona where a data breach affected over 23,000 people;
- Florida Healthy Kids Corporation (a childrens’ health insurance program) where a breach potentially exposed the information of over 3 million people
- University Medical Center of Southern Nevada where a one day breach potentially exposed the files of 1.3 million patients.
Read some of our other posts regarding Data Breach…
Litigation Update: FTC Announces Settlement Finalization of Equifax Data Breach Claims
Litigation Update: T-Mobile Attempts to Use Arbitration Clauses to Limit Data Breach MDL Class
Litigation Update: T-Mobile Files Stay Motion in Georgia Data Hack Lawsuit
Litigation Update: Software Developer Clearview AI Asks Illinois Judge to Dismiss MDL Claims