By HFT Staff

Bigfork Valley Hospital (Bigfork Valley) has learned of a data security incident that may have involved the personal and/or protected health information belonging to individuals. Bigfork Valley has sent notice to this incident to potentially affected individuals and provided resources to assist them.  

On or about January 28, 2025, Bigfork Valley learned that personal information of certain individuals was potentially accessed without authorization. The unauthorized access was the result of a suspicious event first learned of on or about November 26, 2024. Specifically, Bigfork Valley identified suspicious activity associated with one (1) email account. Upon learning of this activity, Bigfork Valley immediately took steps to secure its email environment and engaged digital forensics specialists to assist with the investigation.  

The investigation determined that certain emails and attachments were accessed or acquired without authorization on November 4, 2024. Following this confirmation, Bigfork Valley conducted a comprehensive review of the potentially affected data and determined that personal information belonging to certain individuals may have been accessed in connection with this incident. Bigfork Valley then worked diligently to effectuate notification to potentially affected individuals.  

Bigfork Valley has no evidence of the misuse or attempted misuse of any potentially accessed information. However, on March 25, 2025, Bigfork Valley sent notification letters to the individuals potentially involved in this incident providing them information about what happened and steps they can take to protect their personal information.  

Bigfork Valley is taking steps to prevent a similar event from occurring in the future, including implementing new technical safeguards and security as well as periodic technical and nontechnical evaluations.  

Based on the investigation of the incident, the following personal and protected health information may have been affected as a result of the incident: name, phone number; date of birth; social security number; financial account number, driver's license or state identification number, patient account number, Medicare or Medicaid number, health insurance member number; cost of treatment, diagnosis, treatment, or procedure information, medical history or allergies, prescription drug information, lab test results or images, date of admission or treatment, treatment location and healthcare provider name.