Montana Health Services Hacked; Washington, Idaho & Montana Residents Receive Warning Letters

July 18, 2014

While hackers breached a State of Montana’s Department of Public Health and Human Services server, prompting an alert on July 3 and notifications sent to over 1.3 million people. Not all information is about Montanans, since there about a million residents, so out-of-state residents will be notified, too.

Montana PHHS

A forensic audit in May showed a DPHHS server had been hacked. The department ordered the May 22 investigation suspicious activity was noted on May 15, says Jon Ebelt, public information officer.

Montana officials took immediate action, letting anyone believed to be in the system know of the incident. No evidence has turned up showing the information was used inappropriately – or even accessed, says Richard Opper, DPHHS director, but the state is offering free credit monitoring and identity protection insurance to potentially affected individuals.

Montana also is alerting family members of deceased patients. A letter from the state public health department offers a free credit monitoring service for a year.

“I got this letter with a Montana seal on it, but the return mailing address is some processing center in Portland, Oregon,” says Garnette Monnie, an Idaho resident. “I’ve never done any business with the Montana health department, so why am I getting this letter?”

Epiq Systems, of Portland, Ore., has been contracted with the state to send out letters and take calls to contact anyone who may have possibly been involved in the breach.

“The information on the server may have included your name, address, birth date, or social security number,” Dave, a consultant with Epiq Systems says. “It could have been any service or contact you may have had with the state, any time in the past.”

BBB serving E. Washington, N. Idaho & Montana has received several calls questioning the letter’s authenticity.

For more information, call Montana DPHHS at Epiq Systems – 800-809-2956 or 866-940-3613 (respectively).

What you can do after a hack:

  • Change your password on the affected website — and anywhere else you use it. Many web users have a rotation of passwords they use, so be sure to change yours on all vappropriate websites.

  • Be suspicious of emails coming from the business that was hacked — especially ones containing links or attachments. Scammers often use the personal information they’ve obtained along with the hacked business’ name to trick customers into sharing credit card or banking info.

  • Double check emails. While not all affected business do often communicate with customers after the hack. Be sure these emails are real by hovering over the links in the message. When you do this, the link destination should appear in a pop up box or in the lower left hand corner of your browser.

  • Keep a close eye on your credit card and bank accounts. If hackers have access to your personal data, identity theft is a risk. Call your bank or credit card company immediately if you see any unexpected activity.


ABOUT BBB: For more than 100 years, Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2013, people turned to BBB more than 132 million times for BBB Business Reviews on more than 4.5 million businesses and Charity Reports on 11,000 charities, all available for free at BBB Serving E. Washington, N. Idaho & Montana, founded in 1912, is one of 112 local, independent BBBs across North America.  

You can also find BBB on FacebookTwitterPinterest & Instagram