Coeur d’Alene, ID – August 12, 2024 – Kootenai Health and its subsidiaries Kootenai Clinic, Kootenai Outpatient Surgery and Kootenai Outpatient Imaging (collectively “Kootenai Health”) have learned of a data security incident that may have impacted data belonging to certain employees, employees’ dependents, and patients.
On March 2, 2024, Kootenai Health became aware of unusual activity that disrupted access to certain IT systems. Upon discovering this activity, Kootenai Health took steps to secure its digital environment. Kootenai Health also engaged leading cybersecurity experts to assist with an investigation and to determine whether personal information may have been accessed or acquired without authorization. The investigation revealed that an unknown actor may have gained unauthorized access to certain data from the Kootenai Health network on or around February 22, 2024. Kootenai Health then worked to conduct a comprehensive review of the impacted data to determine what personal and/or protected health information was involved and to verify the affected information and mailing addresses for impacted individuals to ensure Kootenai Health had the most up to date contact information. This process was completed on August 1, 2024.
The information involved, if impacted, may have included individuals’ names along with dates of birth, Social Security numbers, driver’s license or government-issued identification numbers, medical record numbers, medical treatment and condition information, medical diagnoses, medication information, and health insurance information.
As soon as it discovered the incident, Kootenai Health took the steps referenced above. Kootenai Health also notified the Federal Bureau of Investigation and will provide whatever cooperation is necessary to hold the responsible parties accountable, if possible. Kootenai Health takes the security and privacy of personal information in its possession very seriously and is taking additional steps to prevent a similar event from occurring in the future. Thankfully, the incident had no impact on Kootenai Health’s operations or ability to serve patients and the community.
To date, Kootenai Health is not aware of any attempt to misuse any of the information potentially involved in this incident. However, on August 12, 2024, Kootenai Health mailed notice of this incident to potentially impacted individuals for which Kootenai Health had identifiable address information. In this notification letter, Kootenai Health provided information about the incident and steps that potentially affected individuals can take to protect their information. Kootenai Health also offered potentially impacted individuals access to complimentary identity protection services through IDX.
Kootenai Health has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday between 6:00 am to 6:00 pm Pacific Time and can be reached at 1-888-663-1581. All affected individuals may qualify for complimentary identity protection services through IDX. Individuals who have not received a notification letter must obtain verification of eligibility through the call center to enroll in services.
At Kootenai Health, we take the privacy and security of all information within our possession very seriously. Thank you for your understanding about this incident.
While we are not aware of the misuse of any affected individual’s information, we are providing the following information to help those who want to know more about steps they can take to protect themselves and their personal information:
What steps can I take to protect my personal information?
- Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in your name that you do not recognize. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
- You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed at the bottom of this page.
- You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at ftc.gov/idtheft.
- Additional information on what you can do to better protect yourself is included in your notification letter.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348 . Use the following contact information for the three nationwide credit reporting agencies:
Equifax
P.O. Box 740241 Atlanta, GA 30374 1-800-525-6285 |
Experian
P.O. Box 9532 Allen, TX 75013 1-888-397-3742 www.experian.com |
TransUnion
P.O. Box 1000 Chester, PA 19016 1-800-916-8800 www.transunion.com |
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.
How do I put a security freeze on my credit reports?
You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, or regular stamped mail, or online by following the instructions found at the websites listed below. You will need to provide the following information when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) address. You may also be asked to provide other personal information such as your email address, a copy of a government-issued identification card, and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. There is no charge to place, lift, or remove a freeze. You may obtain a security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze PO Box 105788 Atlanta, GA 30348 1-800-685-1111 www.equifax.com |
Experian Security Freeze PO Box 9554 Allen, TX 75013 1-888-397-3742 www.experian.com |
TransUnion (FVAD) PO Box 2000 Chester, PA 19022 1-800-909-8872 www.transunion.com |
What should I do if my family member was involved in the incident and is deceased?
You may choose to notify the three major credit bureaus, Equifax, Experian and Trans Union, and request they flag the deceased credit file. This will prevent the credit file information from being used to open credit. To make this request, mail a copy of your family member’s death certificate to each company at the addresses below.
Equifax
Equifax Information Services P.O. Box 740256 Atlanta, GA 30374 |
Experian
Experian Information Services P.O. Box 9701 Allen, TX 75013 |
TransUnion
Transunion Information Services P.O. Box 2000 Chester, PA 19016 |
What should I do if my minor child or protected person’s information was involved in the incident?
You can request that each of the three national credit reporting agencies perform a manual search for a minor’s or protected person’s Social Security number to determine if there is an associated credit report. Copies of identifying information for the minor and parent/guardian may be required, including birth or adoption certificate, Social Security card and government issued identification card. If a credit report exists, you should request a copy of the report and immediately report ay fraudulent accounts to the credit reporting agency. You can also report any misuse of a minor’s information to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and instructions for requesting a manual Social Security number search, visit the FTC website: https://www.consumer.ftc.gov/articles/0040-child-identity-theft. Contact information for the three credit reporting agencies may be found above.