Kalispell Regional Healthcare patients this week filed a second lawsuit against the northwest Montana healthcare provider after a data breach may have compromised as many as 130,000 people.
Annette Nevidomsky, one of the plaintiffs in the case, said she experienced unauthorized charges on her financial accounts. She believes those unauthorized charges were incurred as a result of the breach, which took place in May, although Kalispell Regional Healthcare did not announce the breach until October.
The lawsuit, filed on Dec. 24, seeks to certify a class of all Kalispell Regional's patients whose private healthcare information was compromised in the breach. The filing includes two plaintiffs at this point, including Nevidomsky.
William Henderson, a Cascade County resident, leveled a similar lawsuit against Kalispell Regional Healthcare in November claiming the hospital violated the Montana Uniform Health Care Information Act, which states a victim of such a breach can seek damages from the health care provider if the company is found to be in violation of the act.
The second lawsuit also alleges a violation of the Montana Uniform Health Care Information Act.
"KRH recently became aware of a lawsuit related to the data security event announced in October. We have not had the opportunity to thoroughly review the complaint and are not prepared to comment on its allegations,"Kalispell Regional spokesperson Mellody Sharpton told the Missoulian in an email on Thursday.
"KRH is, however, disappointed about the lawsuit. We value our relationships with our patients and take safeguarding their privacy very seriously," Sharpton added.
A voicemail left for William Rossbach, representing the plaintiffs in the newer lawsuit, seeking comment was not returned Thursday.
The breach was carried out through a "sophisticated cyberattack," in which employees responded to a phishing email inadvertently disclosing their login credentials. The hospital was not aware of the extent of the attack until an outside forensic firm completed a review for the hospital.
Since the breach, the hospital has taken steps to help employees learn how to identify suspicious emails, according to the earlier lawsuit. Kalispell Regional had offered all notified patients complimentary fraud consultation and identity theft restoration services.