Bigfork Valley Hospital Data Breach Affects 8,496: PHI & PII Exposed

On March 25, 2025, Bigfork Valley Hospital disclosed a data breach affecting the personal and protected health information of approximately 8,496 individuals. According to the hospital's notification, the breach involved unauthorized access to an employee's email account, which was first discovered following suspicious activity on November 26, 2024. Upon investigation, digital forensic specialists confirmed that the unauthorized access occurred on November 4, 2024, and involved certain emails and attachments containing sensitive information.

Personally identifiable information (PII) exposed in the breach include names, phone numbers, dates of birth, Social Security numbers, financial account numbers, driver's license or state identification numbers, patient account numbers, Medicare or Medicaid numbers, and health insurance member numbers.

Additionally, protected health information (PHI) was exposed like detailed medical information such as the cost of treatment, diagnosis, treatment or procedure details, medical histories or allergies, prescription drug information, lab test results or images, dates of admission or treatment, treatment locations, and healthcare provider names.

The breach was officially reported to the U.S. Department of Health and Human Services on March 25, 2025, and can be viewed on the department's breach portal.

Bigfork Valley Hospital's response

To assist affected individuals, Bigfork Valley Hospital sent notification letters on March 25, 2025, outlining the details of the incident and providing guidance on protecting personal information. The hospital has also established a toll-free call center at 1-833-998-7840, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, to answer questions and address concerns related to the breach.

Individuals potentially affected by this breach should remain vigilant by regularly monitoring financial accounts and credit reports for suspicious activity. It is advisable to request a free annual credit report from each of the three major credit reporting agencies—Equifax, Experian, and TransUnion—by visiting AnnualCreditReport.com or calling 1-877-322-8228. Additionally, placing a fraud alert or security freeze on credit files can help prevent unauthorized access to credit information.

For more information, individuals can view the official breach disclosure from Bigfork Valley Hospital posted on the hospital's website.

For further details regarding this data breach, you can visit the U.S. Department of Health and Human Services breach report portal.