Logan Health Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Logan Health Medical Center Data Breach
In November 2021, Logan Health Medical Center in Montana experienced a significant data breach that affected the personal and health information of over 213,000 individuals. The breach was detected on November 22, 2021, when suspicious network activity was observed, and evidence of unauthorized access to a file server was found[1][12]. The compromised information varied by individual but may have included names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, diagnosis and treatment codes, dates of service, treating/referring physicians, medical bill account numbers, health insurance information, and Social Security numbers[1][5][12].
Legal and Financial Repercussions
Following the breach, Logan Health faced a class-action lawsuit alleging negligence and invasion of privacy. The lawsuit claimed that Logan Health failed to implement adequate data security measures and did not provide sufficient security awareness training to its workforce[3][5]. The plaintiff argued that the breach could have been prevented if Logan Health had taken appropriate precautions, especially considering the organization’s history of previous data breaches in 2019 and January 2021[3][5].
In response to the lawsuit and to resolve the claims, Logan Health agreed to a $4.3 million settlement. Class members affected by the breach may be eligible for up to $25,000 in reimbursements for out-of-pocket losses, as well as $125 for reimbursement of lost time and up to three years of credit monitoring services[4][6][12]. The settlement also required Logan Health to implement enhanced data security measures[6].
Recommendations for Affected Individuals
James E. Lee, the chief operating officer for the Identity Theft Resource Center, recommended that affected individuals take advantage of the credit monitoring services offered by Logan Health and provided by Kroll. Additionally, he suggested that individuals consider placing a credit freeze on their files, which is a proactive measure to prevent identity theft[1]. Changing passwords, especially if the same password is used across multiple accounts, was also advised[1].
Logan Health’s Response
Logan Health acknowledged the breach and expressed regret for the inconvenience caused by the criminal actions. The organization stated that it had deployed additional safeguards to further fortify its information systems and emphasized the importance of securing logins and passwords, avoiding unfamiliar links, and being mindful of where sensitive information is stored[4].
Conclusion
The Logan Health Medical Center data breach serves as a reminder of the importance of robust cybersecurity measures and the potential legal and financial consequences of failing to protect sensitive patient information. Affected individuals should take steps to protect their identities and monitor their credit, while healthcare organizations should continuously evaluate and improve their security practices to prevent similar incidents.
Citations:
- https://flatheadbeacon.com/2022/03/08/logan-health-notifies-patients-of-data-breach-that-affected-thousands-of-montanans/
- https://www.hipaajournal.com/logan-health-medical-center-cyberattack-affects-more-than-213000-patients/
- https://healthitsecurity.com/news/logan-health-faces-lawsuit-in-wake-of-hacking-incident
- https://healthitsecurity.com/news/logan-health-reaches-4.3m-settlement-following-healthcare-data-breach-lawsuit
- https://www.classaction.org/news/logan-health-facing-class-action-over-february-2022-data-breach
- https://www.loganhealthsettlement.com
- https://www.classaction.org/media/smeltz-et-al-v-logan-health.pdf
- https://www.scmagazine.com/analysis/logan-health-agrees-to-4-3m-settlement-after-2021-health-data-breach
- https://www.govinfosecurity.com/class-action-filed-in-logan-health-breach-affecting-214000-a-18720
- https://www.beckershospitalreview.com/cybersecurity/logan-health-sued-after-data-breach-exposed-174-761-patients-health-information.html
- https://youtube.com/watch?v=Na8cGYlCaGY
- https://www.hipaajournal.com/logan-health-proposes-4-3-million-settlement-to-resolve-class-action-data-breach-lawsuit/
- https://www.loganhealthsettlement.com/docs/Logan%20Health_SettlementAgreement.pdf
- https://dailyinterlake.com/news/2022/apr/05/class-action-lawsuit-filed-following-logan-health-/
- https://www.govinfosecurity.com/healthcare-entity-reports-another-big-hacking-incident-a-18613
- https://www.paubox.com/blog/logan-health-medical-center-a-data-breach-and-now-a-lawsuit