A data security breach involving Billings Clinic's email system affected 949 patients who used the Atrium Pharmacy, the hospital disclosed Friday.
All of the patients who were part of the breach had access to or used the pharmacy at the hospital's main campus, 2800 10th Ave. N., hospital spokesman Luke Kobold said Friday by telephone.
Letters have been sent to those affected by the incident.
“We want to stress it did not include any of the hyper-sensitive information” such as social security numbers, credit card numbers, or banking or insurance information, Kobold said. It may have included patient names, dates of birth, phone number and amounts owed to the pharmacy.
The number of patients involved in the breach is “a small fraction of our overall data base,” he added.
The incident did not compromise Billings Clinic’s electronic medical record or financial systems, and there is no evidence that any patient information has or could have been misused, Kobold said in a news release.
Clinic officials became aware of unusual activity within its email system in February. The hospital hired a national digital forensics firm to investigate the sources and scope of the attack.
That investigation concluded in mid-April, Kobold said. It revealed an unauthorized individual viewed a limited number of emails that contained patient information.
Access to those email accounts was blocked, and additional security measures were put in place for all accounts, the news release said.
Billings Clinic is providing information to patients about the breach and suggesting steps they can take to monitor and protect their personal information. The hospital also reported the incident to the FBI.
“With these cyber-security threats expanding across the globe, we continue to invest in technology and educate our employees,” Kobold said. “As rapidly evolving as these attacks are, we need to constantly be on our toes.”