Cyber Incident Victim: Kalispell Regional Healthcare
Date: May 2019
Location: United States of America
Summary
A Montana healthcare provider experienced a significant data breach when sophisticated phishing attacks compromised employee email credentials, enabling unauthorized access to approximately 129,000 patient records. Exposed information included names, addresses, medical histories, treatment details, insurance data, and a limited number of Social Security numbers. The organization responded by disabling affected accounts, engaging federal law enforcement and external forensic experts, and offering impacted individuals complimentary credit monitoring services. The incident highlighted persistent vulnerabilities stemming from targeted credential theft despite existing cybersecurity measures and regular threat assessments.
Description
Kalispell Regional Healthcare (KRH) in Montana experienced a significant data breach compromising approximately 129,000 patient records due to a targeted phishing campaign. The incident began on or around May 24, 2019, when multiple employees unknowingly provided their email login credentials to attackers, enabling unauthorized access to sensitive patient information. KRH discovered the breach in June 2019 and subsequently launched an investigation with assistance from a New York-based digital forensics firm. The compromised data included patient names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, medical history and treatment details, dates of service, treating and referring physician information, medical bill account numbers, and health insurance information. Approximately 250 patients also had their Social Security numbers exposed. KRH promptly disabled the affected employee accounts upon detection and notified federal law enforcement agencies about the intrusion.

The healthcare provider characterized the attack as "highly sophisticated" and "targeted and coordinated" in communications to affected patients. KRH implemented credit monitoring services at no cost to impacted individuals to mitigate potential identity theft and fraud risks stemming from the breach. In public statements, KRH Director of IT Melanie Swenson emphasized the organization's regular cybersecurity practices, including annual threat assessments and compliance audits, while acknowledging inherent operational vulnerabilities that sophisticated attackers could exploit. The incident highlighted the persistent threat of phishing attacks against healthcare institutions, where employee credentials often serve as entry points for data exfiltration. KRH's containment measures focused on credential revocation, forensic analysis, and victim assistance, though the breach exposed systemic challenges in preventing social engineering attacks despite existing security protocols.
