One of the 130,000 patients who may have been affected by a data breach at Kalispell (Mont.) Regional Healthcare filed a lawsuit Nov. 25 against the health system, according to ABC Fox Montana.
William Henderson claims the health system did not take appropriate steps to protect patients’ protected health information. In the complaint, Mr. Henderson is seeking to certify more plaintiffs into a class-action case.
In October, Kalispell Regional Healthcare notified patients that several employees had fallen victim to a phishing attack. Patient data that may have been affected includes names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, medical histories and treatment information, dates of services, treating and referring physicians, medical bill account numbers and health insurance information. Fewer than 250 patients may have had their Social Security numbers affected.
In the lawsuit, Mr. Henderson claims the breach was “caused by KRH’s failure to abide by best practices and industry standards. The lawsuit also claims the health system did not properly notify patients of the nature and extent of the data breach.
Since the incident, Kalispell Regional Healthcare has taken steps to ensure a similar incident does not happen again, including educating employees on identifying suspicious emails.