Kalispell Regional Healthcare said the breach stemmed from a phishing scheme in which hackers used emails to bait employees into providing their login credentials. Personal records were compromised in the incident.
(TNS) — Kalispell Regional Healthcare has agreed to establish a $4.2 million settlement fund to provide relief for individuals who allege they were impacted by a data breach of the hospital's internal systems that was announced in October 2019.
The class-action lawsuit was filed against Kalispell Regional in the Montana Eighth Judicial District Court in Cascade County on Nov. 22, 2019. The case is expected to go before Judge Elizabeth Best for a final approval hearing on Jan. 5 at 9:30 a.m.
The lawsuit was proposed in 2019 shortly after the hospital disclosed people's names, addresses, medical record numbers, dates of birth, telephone information, medical histories, health insurance information and more may have been compromised during the breach.
Kalispell Regional said the breach stemmed from a "phishing" scheme in which hackers used emails to bait employees into providing their hospital login credentials. The attack resulted in a data security event that was estimated to have involved the personal information of nearly 130,000 patients.
Since the incident, hospital officials have stated that cyberattacks are common and hackers are becoming increasingly sophisticated. According to hospital documents, a top-ranked cybersecurity consulting firm identified Kalispell Regional as being within the top 9% of organizations in the health-care industry for cybersecurity compliance at the time of the event, but "even with that level of readiness, we are not immune to these incidents."
According to the settlement document, Kalispell Regional has denied any wrongdoing. In a statement released Friday, the company emphasized it is not unusual to settle these types of cases.
"The letter references a class action settlement that has been proposed in litigation relating to the cybersecurity event KRH experienced in October, 2019. Settlements are common with events such as these and we will work with the court through the settlement process," the statement reads.
John Heenen with Heenan and Cook law firm in Billings, one of the law firms representing the plaintiffs in the case, said Friday he is pleased Kalispell Regional chose to settle instead of drawing out the litigation, which can be time-consuming and costly.
Under the terms of the settlement, the fund will be used to pay for various forms of relief benefits. Those who may be entitled to benefits can submit a claim for one or more of those benefits, though no payments of any kind will be made until after the court grants final approval of the settlement and all the appeals.
According to the settlement, possible benefits include reimbursement for out-of-pocket losses, reimbursement for attested time, identification restoration services and three bureau credit-monitoring services, which would allow class members to enroll in three years of Experien's credit monitoring services at no cost.
Some of these benefits were outlined in a settlement notice that was sent out via mail to those possibly impacted by the breach.
According to the notice, there are deadlines for those seeking certain benefits. For example, those interested in pursuing reimbursements for out-of-pocket losses, alternative cash payments and/or the three years of bureau credit will must submit their claims online at www.kalispelldatabreachsettlement.com by Feb. 25, 2021.
Although Heenan said he believes Judge Best will grant final approval to the settlement in early January, he said individuals looking to submit claims should wait until that decision is made and then file online afterward. All documents and information associated with the class action can be found on that website as well.
(c)2020 the Daily Inter Lake, Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.