KRH agrees to 4.2 million dollar settlement after data breach


The Kalispell Regional Healthcare (KRH) system in Kalispell, Montana, has agreed to a $4.2 million settlement after a data breach that affected 130,000 patients.

What happened?

In May 2019, attackers ran a successful email phishing campaign against KRH employees. The targeted employees handed over the credentials the attackers needed to access sensitive information, including:

  • Social Security numbers
  • Medical record numbers
  • Insurance information
  • Provider names
  • Dates of service
  • Contact information
  • Birthdays
  • Medical history

The aftermath

As a result of the breach and the publicity that followed, several patients filed lawsuits claiming that KRH had failed to adequately train employees to recognize phishing scams and to secure protected health information (PHI).

SEE ALSO: Why Investing in Ongoing Cybersecurity Training is Good Business

KRH CEO Craig Lambert disputed this claim, noting that a cybersecurity firm had placed KRH in the top quartile for data security readiness.

Although KRH may dispute the claim that its security protocol was poor, the Montana Uniform Health Care Information Act allows victims of data breaches to sue healthcare providers for violations stemming from an attack.

The KRH settlement includes $4,200,000 for patients' out-of-pocket losses, in addition to Experian services, including:

  • Three years of credit monitoring
  • Five years of identity theft restoration services

The bottom line

Regardless of whether KRH actively ignored cybersecurity protocols, its defenses were not strong enough to withstand an email phishing scam.

Once these scams have been discovered and reported, many regulatory bodies, not only at the state level but also at the federal level (HHS and its Office for Civil Rights, OCR), stand ready to hit organizations with substantial fines. Kalispell Regional Healthcare certainly isn't the first and won't be the last to face the wrath.

SEE ALSO: Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance With HIPAA Rules

Prevent phishing attacks by working with Paubox

The more sophisticated the attack, the more likely employees are to hand over credentials and other security information that can endanger PHI. You will need to strengthen your security by investing in a HITRUST CSF certified, HIPAA compliant email solution.

Paubox Email Suite Plus effectively mitigates phishing risks through: 

Learning from others

One of the most interesting takeaways here is that a cybersecurity auditing firm had rated KRH in the top quartile of all medical organizations for cybersecurity compliance. This points to a severe gap between the protection healthcare organizations have in place and the capabilities of potential attackers.

To bridge this gap, organizations need a robust security plan that not only trains employees effectively but also uses HIPAA compliant email software that stops phishing attacks from reaching the inbox in the first place.

Try Paubox Email Suite Plus for FREE today.

About the author

Rikin Shah
