Cyber Incident Victim: Billings Clinic

In February 2018, Billings Clinic detected unusual activity within its email system, prompting an internal investigation. The organization engaged a national digital forensics firm to determine the source and scope of the unauthorized access. By mid-April 2018, the investigation concluded that an unauthorized individual had viewed a limited number of employee email accounts containing patient information. The breach exclusively affected individuals who accessed or used the pharmacy at the hospital's main downtown campus located at 2800 10th Ave. N. in Billings. Compromised data included patient names, dates of birth, phone numbers, and amounts owed to the pharmacy, but notably excluded highly sensitive information such as Social Security numbers, credit card details, banking information, or insurance data. Hospital spokesman Luke Kobold emphasized that the impacted patients represented only a small fraction of the organization's overall patient database. The incident did not involve compromise of Billings Clinic's electronic medical record systems or financial systems.

Upon confirming the breach, Billings Clinic immediately blocked unauthorized access to the affected email accounts and implemented additional security measures across all email accounts. The organization mailed notification letters to all impacted patients, providing details about the incident and suggesting steps to monitor personal information. Clinic officials found no evidence that any exposed information had been misused or could be misused following the breach. As part of their response protocol, Billings Clinic reported the incident to the Federal Bureau of Investigation (FBI) and reiterated their ongoing investments in cybersecurity technology and employee education programs. Kobold publicly acknowledged the evolving nature of global cyber threats and the necessity for constant vigilance in healthcare data protection.