Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

460k Impacted by Kootenai Health Ransomware Attack

Kootenai Health says the personal and health information of over 460,000 individuals was stolen in a ransomware attack.

Coeur d’Alene, Idaho-based healthcare provider Kootenai Health has disclosed a data breach impacting the personal and health information of more than 460,000 individuals.

The incident was identified on March 2, when certain IT systems were disrupted, the organization, which provides healthcare services in northern Idaho and throughout the Inland Northwest, said in a notice on its website.

Subsequently, Kootenai Health discovered that the attackers had access to its network for over a week, and that certain data was exfiltrated on February 22, including personally identifiable information (PII) and protected health information (PHI).

The stolen information includes names, dates of birth, Social Security numbers, driver’s license numbers, government-issued identification numbers, medical treatment information, medical record numbers, medical diagnoses, medication details, and health insurance information.

The healthcare provider says that the incident did not impact its operations and that its hospitals and clinics continued to serve patients.

On August 12, Kootenai Health sent written notification letters to the impacted individuals. The organization submitted a copy of the letter to the Maine Attorney General’s Office, revealing that 464,088 people were affected.

Kootenai Health is providing the impacted individuals with 12 months of credit and identity protection services.

While the healthcare organization did not share specific details on who was responsible for the data breach, the 3AM ransomware gang claimed responsibility for the attack in March.

Advertisement. Scroll to continue reading.

The group has since published a 22 gigabytes archive containing data allegedly stolen from Kootenai Health, which suggests that the healthcare provided did not pay a ransom.

Related: 200k Impacted by East Valley Institute of Technology Data Breach

Related: Physical Security Firm ADT Confirms Hack and Data Breach

Related: Wawa Agrees to Payment, Security Changes for ’19 Data Breach

Related: Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights