Logan Health Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Logan Health Medical Center Data Breach

In November 2021, Logan Health Medical Center in Montana experienced a significant data breach that affected the personal and health information of over 213,000 individuals. The breach was detected on November 22, 2021, when suspicious network activity was observed, and evidence of unauthorized access to a file server was found[1][12]. The compromised information varied by individual but may have included names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, diagnosis and treatment codes, dates of service, treating/referring physicians, medical bill account numbers, health insurance information, and Social Security numbers[1][5][12].

Legal and Financial Repercussions

Following the breach, Logan Health faced a class-action lawsuit alleging negligence and invasion of privacy. The lawsuit claimed that Logan Health failed to implement adequate data security measures and did not provide sufficient security awareness training to its workforce[3][5]. The plaintiff argued that the breach could have been prevented if Logan Health had taken appropriate precautions, especially considering the organization’s history of previous data breaches in 2019 and January 2021[3][5].

In response to the lawsuit and to resolve the claims, Logan Health agreed to a $4.3 million settlement. Class members affected by the breach may be eligible for up to $25,000 in reimbursements for out-of-pocket losses, as well as $125 for reimbursement of lost time and up to three years of credit monitoring services[4][6][12]. The settlement also required Logan Health to implement enhanced data security measures[6].

Recommendations for Affected Individuals

James E. Lee, the chief operating officer for the Identity Theft Resource Center, recommended that affected individuals take advantage of the credit monitoring services offered by Logan Health and provided by Kroll. Additionally, he suggested that individuals consider placing a credit freeze on their files, which is a proactive measure to prevent identity theft[1]. Changing passwords, especially if the same password is used across multiple accounts, was also advised[1].

Logan Health’s Response

Logan Health acknowledged the breach and expressed regret for the inconvenience caused by the criminal actions. The organization stated that it had deployed additional safeguards to further fortify its information systems and emphasized the importance of securing logins and passwords, avoiding unfamiliar links, and being mindful of where sensitive information is stored[4].

Conclusion

The Logan Health Medical Center data breach serves as a reminder of the importance of robust cybersecurity measures and the potential legal and financial consequences of failing to protect sensitive patient information. Affected individuals should take steps to protect their identities and monitor their credit, while healthcare organizations should continuously evaluate and improve their security practices to prevent similar incidents.

Citations:

  1. https://flatheadbeacon.com/2022/03/08/logan-health-notifies-patients-of-data-breach-that-affected-thousands-of-montanans/
  2. https://www.hipaajournal.com/logan-health-medical-center-cyberattack-affects-more-than-213000-patients/
  3. https://healthitsecurity.com/news/logan-health-faces-lawsuit-in-wake-of-hacking-incident
  4. https://healthitsecurity.com/news/logan-health-reaches-4.3m-settlement-following-healthcare-data-breach-lawsuit
  5. https://www.classaction.org/news/logan-health-facing-class-action-over-february-2022-data-breach
  6. https://www.loganhealthsettlement.com
  7. https://www.classaction.org/media/smeltz-et-al-v-logan-health.pdf
  8. https://www.scmagazine.com/analysis/logan-health-agrees-to-4-3m-settlement-after-2021-health-data-breach
  9. https://www.govinfosecurity.com/class-action-filed-in-logan-health-breach-affecting-214000-a-18720
  10. https://www.beckershospitalreview.com/cybersecurity/logan-health-sued-after-data-breach-exposed-174-761-patients-health-information.html
  11. https://youtube.com/watch?v=Na8cGYlCaGY
  12. https://www.hipaajournal.com/logan-health-proposes-4-3-million-settlement-to-resolve-class-action-data-breach-lawsuit/
  13. https://www.loganhealthsettlement.com/docs/Logan%20Health_SettlementAgreement.pdf
  14. https://dailyinterlake.com/news/2022/apr/05/class-action-lawsuit-filed-following-logan-health-/
  15. https://www.govinfosecurity.com/healthcare-entity-reports-another-big-hacking-incident-a-18613
  16. https://www.paubox.com/blog/logan-health-medical-center-a-data-breach-and-now-a-lawsuit
Breach Submission Date Feb 22, 2022
Converted Entity Name Logan Health Medical Center
Converted Entity Type Healthcare Provider
State MT
Individuals Affected 213,543
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes