The following is a press release from Billings Clinic:
Billings Clinic is contacting 949 patients to let them know about a data security incident involving limited personal information in Billings Clinic’s email system. Billings Clinic has sent letters to the affected individuals to notify them of the incident. Social Security numbers, credit card numbers, banking information or insurance information were not involved. The incident did not compromise Billings Clinic’s electronic medical record system or financial systems and there is no evidence that any patient information has or could have been misused.
Recently, Billings Clinic identified unusual activity within its email system. Billings Clinic immediately launched an investigation to determine what happened and quickly identified the source of the attack, limiting the potential risk to information contained within the system. Access to all potentially compromised accounts was blocked and additional security measures were put in place for all accounts.
Upon discovering the incident, Billings Clinic engaged a national digital forensics firm to investigate the source and scope of the attack. The investigation confirmed that an unauthorized individual viewed a limited number of emails that contained limited personal information on some Billings Clinic patients. The information that was potentially viewed includes patient names, dates of birth, phone numbers and amounts owed to Billings Clinic’s Atrium Pharmacy. In a very small number of cases information included internal Billings Clinic patient identification or billing numbers and limited medical information.
Billings Clinic is providing patients with information about the incident and steps they can take to monitor and protect their personal information. As part of notification, the letter sent to affected individuals includes the number for a dedicated call center that has been established to answer patient questions about the incident at 1-800-731-2623, from 7 a.m. to 4 p.m. MST. Additionally, Billings Clinic has reported this incident to the appropriate authorities, including the FBI.
"Cyber security threats are a rapidly growing problem that organizations across the globe face every day," said Randy Thompson, MD, Billings Clinic Chief Information Officer. "The frequency and sophistication of these attacks continues to increase, requiring all industries to continue investing in cyber security efforts. Billings Clinic takes threats to the security of its systems and patient information very seriously. We are constantly investing in and strengthening our system’s security."