MISSOULA — Patients of Western Montana Clinic are receiving notification letters about a data breach that compromised their personal information.
The clinic confirmed a "phishing email incident" allowed occasional access to employee emails containing patient data.
While the breach did not affect the clinic's electronic health records system, the investigation revealed that compromised emails may have contained patient information, including contact details, dates of birth, treating physician names, internal identification numbers, service dates, and medication and treatment information.
"It's pretty scary. I mean, you have to go and like change all your passwords and freeze your credit and stuff like that because you don't know where it's gonna go," said Preslie Booth, a patient who received the notification letter.
"Western Montana Clinic recently completed an investigation related to a phishing email incident. This incident was limited to email account access and did not involve access to the Electronic Health Records system or any other Western Montana Clinic systems. We have no further updates at this time," Western Montana Clinic said in a written statement to MTN.
The clinic concluded its statement by noting that they do not comment on pending litigation.
The following is from the Western Montana Clinic website:
Notice of Data Privacy Incident
Western Montana Clinic is committed to protecting the privacy and security of the information in our care. On August 1, 2025, we began mailing notification letters to certain patients whose information was involved in an incident.
We recently completed an investigation related to a phishing email incident. On April 15, 2025, we observed unusual activity in certain employee email accounts. We immediately began an investigation and worked with third-party experts to contain and remediate the issue. The investigation determined that there was occasional access to employee emails by an unauthorized individual between March 11, 2025 and April 15, 2025, during which time, the unauthorized actor attempted to change bank account information to redirect funds to the unauthorized individual's account. This incident was limited to email account access, and did not involve access to our electronic health records system or any other Western Montana systems.
Although the focus of the unauthorized individual's activities was on redirecting funds from us, we performed a data review to determine if any of the accessed emails and their corresponding attachments contained patient information. On June 3, 2025, we determined that these emails and attachments included patients' name and one or more of the following: patients' contact information, dates of birth, treating physician, internal identification numbers, dates of service, medication information, and treatment and/or diagnostic information. For a small subset of patients, the emails and attachments also included their Social Security numbers.
It is always a good idea for patients to remain vigilant and review statements received from their healthcare provider. If patients identify charges for services they did not receive, they should contact the healthcare provider immediately.
We take this matter very seriously. To help prevent a similar incident, we will continue to implement and evaluate enhanced safeguards and security measures to further protect our email system, and continue to provide training to our employees regarding phishing emails.
We have set up a designated incident response line to answer patient questions. Patients can call 877-250-2787, 9:00 AM to 9:00 PM Eastern Time, except for major U.S. holidays.
This story was reported on-air by a journalist and has been converted to this platform with the assistance of AI. Our editorial team verifies all reporting on all platforms for fairness and accuracy.
