On November 22, 2021, the Montana-based healthcare provider responded to suspicious activity and “evidence of unauthorized access” to one of the eight file servers used for business operations.