Cyber Incident Victim: Logan Health Medical Center
Date: Nov 2021
Location: United States of America
Summary
A cyberattack targeting Logan Health Medical Center compromised a file server containing sensitive patient information, though electronic medical records remained secure. The breach exposed varying combinations of personal and medical data—including names, contact details, insurance information, and treatment details—for over 213,000 individuals. While no evidence of data misuse was found, the organization provided affected patients with complimentary credit monitoring and identity protection services while implementing enhanced security measures following the incident.
Description
On November 22, 2021, Logan Health Medical Center in Kalispell, Montana, detected a security breach within its information technology systems. The initial investigation confirmed unauthorized access by a hacker, described as a "highly sophisticated criminal attack." The organization promptly engaged third-party forensic investigators to assess the nature and scope of the intrusion. By January 5, 2022, the investigation confirmed that the attacker had accessed certain files on a single file server containing patient information. The compromise was confined to this server, with no evidence of electronic medical record system penetration. Analysis revealed the accessed files held varying combinations of patient data, including names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, insurance claim details, service dates, physician information, medical bill account numbers, and health insurance information. No evidence of data misuse was identified during the investigation.

Logan Health Medical Center initiated patient notifications in February 2022, confirming the breach affected over 213,000 individuals. As a precautionary measure, all impacted patients were offered complimentary credit monitoring and identity protection services through Kroll. The medical center implemented additional security enhancements to strengthen system defenses following the incident. Operational continuity was maintained throughout the investigation and response period, with no reported disruptions to clinical care services. The organization's public disclosure emphasized the localized nature of the server breach and reiterated that electronic medical records remained uncompromised throughout the event.
