Hospital leaks 129K patient records in sophisticated phishing scam

A healthcare provider in Kalispell, Montana has suffered an embarrassing data breach resulting in 129K health records getting leaked, exposing patients to identity theft and fraud.

Kalispell Regional Healthcare initially learned of the breach in June, but an investigation into the incident suggests the phishing scam started collecting patient records as early as May 24. A notice sent out to patients by the healthcare institution, obtained by local news outlet Flathead Beacon, reveals that the phishing attack was targeted and coordinated.

Multiple employees had unknowingly provided their email login credentials to the phishers. The scammers were then able to access patients’ personal information, including name, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating and referring physician, medical bill account number and/or health insurance information. The hospital says around 250 patients or fewer may have had their Social Security numbers accessed as well.

Chief Executive Officer and President Craig Lambrecht said in the letter to patients that the attack was “highly sophisticated.” Upon learning of the scam, KRH immediately disabled the employees’ accounts, notified federal law enforcement and launched an investigation, enlisting the help of a reputable, New York-based digital forensics firm.

The letter says KRH is offering free credit monitoring services to those affected – as it should in the wake of such a serious data breach – and provides patients with information on how to enroll in the monitoring service.

Cybercrooks targeting hospitals typically aim for one of two outcomes: extorting the healthcare provider (e.g. through ransomware), or exfiltrating health records and selling them on the dark web to fraudsters. The reason KRH is shouldering the cost of the free credit monitoring service is, of course, to keep patients from being defrauded.

In an October 22 interview with the press, KRH Director of IT Melanie Swenson revealed that the organization is, in fact, well equipped to prevent and/or handle cyber-incidents, conducting annual threat assessments and compliance audits. Furthermore, each year the hospital takes steps to bolster its cybersecurity posture as cybercriminals become more sophisticated. Nevertheless, by virtue of basic day-to-day operations and “allowing the employees to do their job, there’s always a little window of vulnerability,” Swenson said.

Many studies conducted in recent years support the IT director’s words, underscoring the need for regular staff training on spotting cyber threats. Phishing remains one of the most prevalent attack avenues for cybercriminals everywhere, because employees are typically the first line of defense and, at the same time, the weakest link in an organization’s IT infrastructure.


*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/hospital-leaks-129k-patient-records-in-sophisticated-phishing-scam-21674.html