Kootenai Health Ransomware Attack Affects 464,000 Individuals
Kootenai Health, a Coeur d’Alene, ID-based health system that serves patients in northern Idaho and the Inland Northwest, has announced that it has experienced a data security incident involving the personal and protected health information of patients, employees, and employees’ dependents. Kootenai Health said the incident has not had any impact on its operations, and care has continued to be provided to patients; however, the incident disrupted some of its IT systems.
Unusual activity was detected within its computer systems on March 2, 2024. Third-party cybersecurity experts were engaged to investigate the incident, and evidence was found that an unauthorized individual gained access to its network on or around February 22, 2024. Kootenai Health conducted a review of all files on the systems that were accessed to determine if they contained any personal or protected health information, and that process was completed on August 1, 2024.
The incident affects employees and patients of Kootenai Health, Kootenai Clinic, Kootenai Outpatient Surgery, and Kootenai Outpatient Imaging, and the information potentially accessed or obtained in the incident includes names, dates of birth, Social Security numbers, driver’s license/government-issued identification numbers, medical record numbers, medical treatment and condition information, medical diagnoses, medication information, and health insurance information. While data has been exposed, Kootenai Health said it was unaware of misuse of that information at the time of issuing notifications to the affected individuals on August 12, 2024. Complimentary identity protection services have been offered to the affected individuals.
Kootenai Health has notified the Federal Bureau of Investigation about the incident and said it will provide whatever cooperation is necessary to hold the responsible parties accountable. Steps have also been taken to enhance security to prevent similar incidents in the future. Kootenai Health has not publicly disclosed details about the nature of the intrusion; however, the HIPAA Journal has learned that the 3AM ransomware group was behind the attack. 3AM is a relatively new Russian-speaking ransomware group that has been operating since at least September 2023. 3AM has uploaded 22GB of stolen data to its data leak site indicating the ransom was not paid. The group has also recently added a North Texas physician group to its data leak blog, Visiting Physicians Network, although no data has been released at this stage.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Kootenai Health data breach is not yet shown on the HHS’ Office for Civil Rights breach portal as a HIPAA breach; however, Kootenai Health has notified the Maine Attorney General that the breach affected 464,088 individuals.
