Logan Health Medical Center in Montana is notifying 213, 543 patients, employees, and business associates after discovering that files with personal and protected health information were accessed without authorization.
According to a notification submitted to the Maine Attorney General’s Office, Logan first detected suspicious network behavior on November 22, 2021. On January 5, their investigation confirmed access to one of their eight file servers used for business operations. Their report to the state indicates that the breach occurred on November 18, 2021.
The notification does not reveal how many of those being notified are patients, and the incident has not (yet?) shown up on HHS’s public breach tool as of the time of this publication. For patients, the types of information involved might include name, Social Security number, address, date of birth, telephone number, or email address.
Those being notified are being offered mitigation services through Kroll.