Billings Clinic

Billings Clinic operates as a healthcare provider delivering medical services to patients. Its core functions include operating a pharmacy located at its main campus, indicating a broader scope of integrated healthcare delivery. The organization handles sensitive patient information such as names, dates of birth, phone numbers, and amounts owed for services rendered, though specific financial or insurance details like Social Security numbers or credit card information were noted as excluded in one incident. It operates within the healthcare sector in the United States, specifically serving patients utilizing its facilities, including its downtown pharmacy location.

The organization has experienced cybersecurity incidents involving unauthorized access to employee email accounts. In 2018, Billings Clinic disclosed two separate breaches impacting patient data. The first, detected in February 2018, affected patients who used the pharmacy at its main campus and involved compromised email accounts containing limited patient information. The second incident, detected in May 2018, exposed details of approximately 8,400 patients due to an employee email account compromise occurring while the employee was traveling. Following detection of anomalous email activity, Billings Clinic engaged digital forensics firms to investigate, blocked compromised accounts, and implemented enhanced security measures. The organization notified affected individuals, reported incidents to law enforcement, and emphasized ongoing investments in cybersecurity technology and staff training to counter evolving threats. No evidence of misuse of the exposed information was found in the February incident.