Community Hospital of Anaconda Data Breach: 540 GB Stolen

On August 12, 2024, Montana-based Community Hospital of Anaconda (CHA), discovered unusual activity that disrupted access to its IT systems. An investigation revealed that an unauthorized actor had gained access to the hospital’s network between August 10 and August 12, 2024.

The incident was later attributed to the MEOW ransomware group, which publicly claimed responsibility on its dark web portal. According to MEOW, they stole over 540 GB of confidential data, including sensitive employee, client, supplier, and partner information.

Personally identifiable information (PII) such as names, dates of birth, Social Security numbers, driver’s license or state identification numbers, U.S. military identification numbers, passport numbers, and financial account information were compromised.

In addition, protected health information (PHI) including patient account numbers, medical record numbers, Medicare and Medicaid numbers, treatment details, health insurance information, client medical records and test results, treatment plans, patient prescriptions, and scanned payment documents were also accessed.

The hospital worked with cybersecurity experts to thoroughly review the compromised data and identify affected individuals. In New Hampshire, one resident was notified, but the total number of affected individuals is likely much higher, given the scope of the attack.

The MEOW ransomware group released sample screenshots on their dark web site to demonstrate the extent of the data theft, further confirming the severity of the breach. For more details, you can review the official disclosure to the New Hampshire Attorney General’s office.

Community Hospital Of Anaconda's response

To support those affected, CHA is offering complimentary credit monitoring and identity protection services through IDX, including credit monitoring, identity restoration, and identity protection insurance.

Affected individuals have been provided with guidance on steps to protect their personal information, such as monitoring account statements, placing fraud alerts, and considering a security freeze on credit files. IDX is also operating a dedicated call center to answer questions related to the incident.

Given the nature of the attack—a ransomware incident involving both PII and PHI—affected individuals should remain vigilant. It is important to review financial and medical account statements for suspicious activity, take advantage of the free credit monitoring services, and report any signs of identity theft to the relevant authorities. For more information and ongoing updates, visit the official notice of data security incident on the hospital’s website.