Billings Clinic notifies nearly 1,000 patients of data breach

Posted at 2:37 PM, Apr 27, 2018
and last updated 2018-04-27 16:37:05-04

Billings Clinic contacted 949 patients to let them know about a data security incident involving personal information in Billings Clinic’s email system Friday. 

Recently, the clinic identified unusual activity within its email system. An investigation was launched to determine what happened and quickly identified the source of the attack. Measures were taken to limit the potential risk to information contained within the system. Access to all potentially compromised accounts was blocked and additional security measures were put in place for all accounts.

Information that was potentially viewed includes patient names, dates of birth, phone numbers and amounts owed to Billings Clinic’s Atrium Pharmacy. In  some cases, information included internal Billings Clinic patient identification or billing numbers and limited medical information.

Social Security numbers, credit card numbers, banking information or insurance information were not involved and the incident did not compromise Billings Clinic’s electronic medical record system or financial systems. 

There is no evidence that any patient information was misused.

The investigation confirmed that an unauthorized person viewed a number of emails that contained personal information on some Billings Clinic patients. 

Letters sent to affected individuals included the number for a dedicated call center that has been established to answer patient questions about the incident at 1-800-731-2623, from 7 a.m. to 4 p.m. Additionally, Billings Clinic has reported this incident to the appropriate authorities, including the FBI.

“Cyber security threats are a rapidly growing problem that organizations across the globe face every day,” said Randy Thompson, MD, Billings Clinic Chief Information Officer. “The frequency and sophistication of these attacks continues to increase, requiring all industries to continue investing in cyber security efforts. Billings Clinic takes threats to the security of its systems and patient information very seriously. We are constantly investing in and strengthening our system’s security.”