The Wellness Institute of Montana has become aware of a data security incident impacting its patients' information. Although
we are not aware of any actual access to or misuse of patient information, we have sent notification letters to the potentially
impacted individuals to notify them of this incident and to provide resources to assist them.
On June 24, 2018, we discovered that we were the target of a ransomware event that encrypted files maintained on one of our
servers. Fortunately, our data was backed up and we were able to restore our systems and resume seeing clients in a matter of
days following the event. Our IT service provider immediately commenced an investigation to determine what happened and
what information may have been impacted. Although the investigation found that the ransomware had encrypted files, there
was no evidence to indicate specific access to patient information. However, it remains a possibility that there was unauthorized
access to patient information, including names and billing statements. As we value our patients and the safety of our patients'
information, we notified those potentially impacted patients out of an abundance of caution.
We have taken steps to secure patient information and to prevent this type of event from occurring in the future, including
resetting all passwords across the organization, strengthening our IT security monitoring systems, restricting remote access to
our systems, and notifying law enforcement. Thank you for your understanding and support.
The privacy and protection of patient information is a top priority, and we sincerely regret any concern or inconvenience that
this matter may cause. Should you have any questions regarding this incident, please contact Rosie Jennings at 406-541-4673.