Sunday, November 24, 2024
36.0°F

Second hospital reports data breach

by BILL BULEY
Staff Writer | April 4, 2024 1:00 AM

COEUR d'ALENE — A second Kootenai County hospital within a week's time has reported a data breach.

Kootenai Health on Wednesday reported that at the beginning of March, it discovered suspicious activity in its IT network.

"Our monitoring tools immediately quarantined the activity and we isolated all impacted systems to limit any potential impact," a press release said. "We also engaged a team of cybersecurity experts to investigate the incident and bring our systems online in a safe and secure manner. "

The release said there was no impact on operations. The hospital could not say if patient information was accessed.

"We have no evidence that any information has been misused," the release said. "A comprehensive review of the potentially affected data is ongoing and once complete, we will reach out to impacted individuals with more information."

On Friday, the Rehabilitation Hospital of the Northwest in Post Falls reported a data security incident that involved patient information.

The hospital was alerted Feb. 1 to unusual activity in its information technology environment. In response, it promptly secured and isolated its IT systems, a press release said. 

The Rehabilitation Hospital of the Northwest also began an investigation with assistance from a third-party cybersecurity firm and has been in communication with law enforcement, according to the release.

Through an ongoing investigation, it was determined an unauthorized party gained access to the hospital's IT network between the dates of Jan. 16 and Feb. 4.

"While in the hospital's IT network, the unauthorized party accessed and/or acquired files that contain information pertaining to certain patients, including names and one or more of the following: addresses, dates of birth, medical record numbers, health insurance plan member IDs, claims data, diagnosis and/or prescription information," a press release said. 

The hospital said it was mailing letters to patients whose information may have been involved in the incident. Patients whose Social Security and/or driver’s license numbers may have been involved are being offered complimentary credit monitoring and identity protection services. 

The city of Coeur d’Alene recently sent 57 notifications to Idaho residents whose personal information was accessed in a ransomware attack in February.

The affected data included names, Social Security numbers and driver’s license and/or state identification card numbers, according to a March 12 letter to the Office of the Idaho Attorney General from attorney Matt Meade of the firm Eckert Seamans Cherin and Mellott in Pittsburgh.

“At this time, we are not aware of any misuse of your information,” according to a letter from the city, also dated March 12 and sent by Meade to the AG’s office. 

The city shut down its computer network Feb. 11 after malware was detected in its system. The city's website was offline, records were not accessible and phones were down for several days.

In a Feb. 12 press release, the city said it was working with nationally recognized third-party cybersecurity and data forensics consultants and following industry best practices while developing a strategic plan to address the issue. 

In the March 12 letter signed by City Clerk Renata McLeod, it states: “Through our investigation, we learned that there was unauthorized access to the City’s network between February 4 and February 11, 2024, and that the cyber criminals removed certain files from our servers during the attack."

The city has since brought its network back online.