Many residents in central Montana received letters this week notifying them that their personal information may have been compromised in a data breach involving Wakefield and Associates, a third-party billing and revenue cycle firm previously used by Benefis Health System.
In the notice, Wakefield explains that it discovered suspicious activity on its network earlier this year and later confirmed unauthorized access to certain files. The files were accessed in January 2025, and the company conducted a months-long review, finishing in late September, to determine what information was involved. Notification letters were dated December 2nd.
The breach may have affected personal information, including names, dates of birth, healthcare provider ID numbers, health information, and Social Security numbers. Wakefield says it is not aware of any identity theft or fraud connected to the incident but is notifying patients out of an abundance of caution. The company is offering twelve months of complimentary credit monitoring and identity protection through Cyberscout, a TransUnion service.
For some patients, the delayed notification has raised concerns. Elizabeth Sanders, a recipient of the letter, explains, “When I first opened it, you know, you see Benefis and then all of a sudden, of course, you're like, Whoa! Medical information. So now my concern was, why did this Wakefield associates even have access to my information?”
She added, “They're offering credit monitoring, which seems like closing the gate after the horse is out. Because if that information has been out there for almost a year, I'm not sure that credit monitoring is going to do us a whole lot of good now.”
Benefis Health System emphasized that the breach occurred on Wakefield’s network, not on any Benefis servers, and said its own systems were not affected. The health system urges patients who received the letter to follow Wakefield’s instructions. Benefis also noted that questions about the timing of the notification should be directed to Wakefield.
Kaci Husted, Benefis Health System Senior Vice President, said in an email: "Benefis Health System is aware of letters from Wakefield & Associates regarding a data breach that occurred earlier this year. Wakefield is a third-party vendor Benefis has used in the past. The unauthorized access happened on Wakefield’s network—no Benefis networks or servers were involved. Benefis takes patient privacy seriously. We continuously evaluate our third-party vendors. Since this was an issue created by Wakefield & Associates, we urge patients who received the letter to follow Wakefield’s instructions in the letter."
MTN News tried to contact Wakefield and Associates for further comment but has not yet received a response.
Patients who receive the letter are encouraged to monitor their bank accounts, credit reports, and explanation of benefits statements for any suspicious activity. Enrollment information for the complimentary credit monitoring and identity protection services is included in the notification letter.
