On March 18, the Western Montana Clinic announced that its website had been taken down after they discovered it had been hacked on or before March 14 by hackers who left a political message on the home page. At the time, the clinic said that patient data was safe, but they weren’t totally sure about payment data:
As far as patient concerns, she said no personal information was exposed. The clinic is looking at how the site processes bill payments.
“If you use the site to pay with your credit card, it immediately took you to a different site which was not impacted, so we do not believe that the hacker had access to credit card information, but that’s something we have to confirm,” said Saffer.
Unfortunately, the credit card information was not safe. Today, the clinic issued a statement, as reported by NBC:
[…]
The hacker was able to bypass the website’s security measures and obtain access to demographic and credit card information of 6,994 WMC patients who paid their WMC bill(s) via the link on WMC’s website. The information available to the hacker included patient names, addresses, telephone numbers, email addresses, date(s) and amount(s) of credit card transaction(s) on WMC’s website, and the last four (4) digits of patients’ credit card numbers. In addition, approximately 44 patients’ full credit card information was compromised. WMC has taken steps to mitigate any further harm to patients from this security incident.
Read more on NBC.