Kootenai Health says data security incident impacted over 450,000 individuals

Idaho-based healthcare provider Kootenai Health suffered a data security incident that compromised the sensitive personal information of more than 450,000 individuals.

In a filing with the Office of Maine Attorney General, Kootenai Health said that on March 2, it identified unauthorised activities in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“The investigation revealed that an unknown actor may have gained unauthorised access to certain data from the Kootenai Health network on or about February 22, 2024,” the healthcare provider said.

The compromised data included names, dates of birth, Social Security numbers, driver’s license or government-issued identification numbers, medical record numbers, medical treatment and condition information, medical diagnoses, medication information, and health insurance information.

Kootenai Health’s filing with the Maine state regulator also revealed that at least 464,088 individuals were impacted by the data security incident.

The healthcare firm said that after it discovered the incident, it “implemented additional security features to reduce the risk of a similar incident occurring in the future,” notified the Federal Bureau of Investigation, and said it will provide the authorities with all the information necessary to identify the hackers.

Kootenai Health has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.