Kalispell Regional Healthcare

On May 24, 2019, Kalispell Regional Healthcare (KRH) experienced a cybersecurity incident resulting in a significant data breach. The attack granted unauthorized access to highly sensitive personal information, including patient names, Social Security numbers, and medical records. The breach was formally reported by the California Office of the Attorney General on October 22, 2019. The compromised data exposed patients to risks such as identity theft, financial fraud, and potential misuse of medical history. Given the nature of the stolen information particularly the inclusion of Social Security numbers and medical records the breach posed severe long-term consequences for affected individuals, including reputational harm to KRH and potential legal liabilities. The incident underscored vulnerabilities in the healthcare provider’s data protection measures, raising concerns about the security of patient data in medical institutions.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-183730

TPRM report: https://www.rankiteo.com/company/logan-health

"id": "log901082125",
"linkid": "logan-health",
"type": "Breach",
"date": "5/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Kalispell, Montana, USA',
                        'name': 'Kalispell Regional Healthcare (KRH)',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
                 'personally_identifiable_information': ['names',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2019-05-24',
 'date_publicly_disclosed': '2019-10-22',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Kalispell Regional Healthcare (KRH) on '
                'October 22, 2019. The breach occurred on May 24, 2019, when '
                'an attack led to unauthorized access to personal information, '
                'including names, Social Security numbers, and medical '
                'records.',
 'impact': {'data_compromised': ['names',
                                 'Social Security numbers',
                                 'medical records'],
            'identity_theft_risk': 'High (PII and medical records exposed)'},
 'references': [{'date_accessed': '2019-10-22',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)',
                                                    'California Consumer '
                                                    'Privacy Act (CCPA) '
                                                    'notification '
                                                    'requirements'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Kalispell Regional Healthcare Data Breach (2019)',
 'type': 'Data Breach'}