Great Falls Clinic patients victims of Russian cyber-attack
Hundreds of patients of the Great Falls Clinic Hospital may have had their personal information stolen by Russian cyber-criminals during an attack on companies, corporations and government agencies that occurred last May.
NorthStar Anesthesia of Montana, which provides anesthesia care and pain management treatment through its offices at the Great Falls Clinic Hospital, confirmed Monday that its patient billing software was hacked over the Memorial Day weekend. The organization said that the personal information of hundreds of patients may have been compromised including driver’s licenses, social security numbers, patient account numbers and treatment information.
“On August 3, 2023, NorthStar Anesthesia learned that its third-party billing software vendor, Arietis Health, was affected by the global Progress Software MOVEit cyber event, which impacted over 1,000 companies and government organizations,” a NorthStar spokesperson replied in response to in a request for additional information. “NorthStar takes data security and privacy very seriously and has arranged for Arietis Health to offer all affected patients free credit monitoring following the event. Additionally, NorthStar continues to work closely with Arietis Health and the relevant federal and state authorities.”
NorthStar is a corporate provider of anesthesia care with headquarters in Irving, Texas. It operates in more than 20 states and 200 hospitals, including its offices in Great Falls where it employs 15 healthcare providers. On Friday the healthcare billing service NorthStar employs announced that the software it uses to transfer patient data was breached on May 27, likely by a Russian affiliated cyber gang that calls itself "Lace Tempest." NorthStar Anesthesia of Montana was one of hundreds of companies and government organizations whose data may have been compromised in the attack.
The billing company, Arietis Health of Fort Meyers, Florida, said in its release that they were informed of the data breach on May 31, and that they took immediate steps to stop the security threat, which included hiring “leading, independent cybersecurity experts to conduct a comprehensive investigation.”
“That review determined that certain information belonging to individuals who were administered pain manage
ment services or anesthesia by the Customer (NorthStar Anesthesia of Montana) in connection with medical treatment the individuals received from their healthcare provider, may have been involved in the incident,” Areitis Health’s news release states. “That information may have included patient names, dates of birth, driver’s license or other state identification card numbers, addresses, Social Security numbers, medical record numbers, patient account numbers, health insurance information, diagnosis and treatment information, clinical and prescription information, and/or provider information.”
Arietis Health said that as of Sept. 29 it has begun sending letters with information about the cyber-attack to NorthStar Anesthesia of Montana’s patients. Arietis is also offering patients whose information may have been compromised free credit and identity monitoring services.
Arietis Health has established a tollfree call center to answer questions about the incident and to address related concerns. Individuals may call 855-657-4306 Monday through Friday, from 7 a.m. to 7 p.m., or visit https://app.medicalshield.cyex.com/enrollment/activate/.
News of the Russian cyber-attack was first made public five months ago by the U.S. Department of Homeland Security. Businesses as diverse as British Airways and Microsoft acknowledged that their own internal databases had been breached, as did the U.S. Department of Energy and the motor vehicle offices of both Louisiana and Oregon. In June 2023 the government of the Canadian province of Nova Scotia estimated that as many as 100,000 of its employees both past and present were impacted by the breach.
“It’s both massive and small organizations that have been hit,” stated the cybersecurity firm Volexity during an interview with the technology news website Ars Technica last June. “The attackers typically grabbed files from the MOVEit servers less than two hours after exploitation and shell access. We believe this was likely widespread and a rather substantial number of MOVEit Transfer servers that were running Internet-facing web services were compromised.”
Security researcher Kevin Beaumont told the British Broadcasting Corporation – itself a victim of the Lace Tempest attack, that the cyber criminals are more likely to attempt to extort money from organizations rather than individuals but may also threaten to publish the stolen data online for other hackers to pick through if their demands are unmet.
Neither NorthStar Anesthesia of Montana nor Arietis Health offered any information on how many central Montana patients may have had their personal information compromised, or it they have received any extortion demands related to the May 27 cyber-attack.