Ransomware Attack on MultiCare Health System, Woodcreek Healthcare and Sandhills Medical Foundation

About 207,000 people were confirmed to have been impacted by a ransomware attack on St. Cloud-based Netgain Technology LLC and that number may still go up. A number of entities in the healthcare sector, such as Woodcreek Provider Service in Washington use the IT and technology services of Netgain Technology. Initially, it was confirmed that Ramsey County in Minnesota was impacted by the ransomware attack.

Woodcreek Provider Service helps pediatric clinics and urgent care centers managed and run by MultiCare Health System. Netgain notified Woodcreek Provider Service regarding the December 3, 2020 attack and confirmed the impact of the ransomware attack on the protected health information (PHI) of patients and the personal data of employees and contractors kept on its servers. The attackers potentially got initial access to its systems on November 23, 2020.

The Woodcreek Provider Service IT network and computer system use the hosting services of Netgain and a substantial volume of data was likely accessed or acquired during the extortion attack. The compromised data potentially includes names, addresses, medical record numbers, birth dates, medical insurance data, insurance claims, explanation of benefits statements, clinical records, referral requests, laboratory test reports, decision not to vaccinate forms, consent requests for services, treatment approvals, records requests, immunization details, vaccine information, prescription requests, the release of data forms, subpoena log requests, health record disclosure logs, incident reports, invoices, communication with patients, student ID numbers, bank account numbers, work-related records, court documents, DEA certificates, payroll withholding, and insurance deduction consent, benefit and tax forms, employee medical data, some medical records and Social Security numbers.

The attackers returned the stolen data after receiving the ransom payment and gave assurances that they did not have any copy of the data. Netgain gave reassurances that it has taken steps to enhance security to avoid any more cyberattacks. Woodcreek Provider Service additionally took steps to safeguard data under its control and reviewed and updated its cybersecurity guidelines and procedures as needed.

Impacted MultiCare Health System and Woodcreek Healthcare patients received offers of identity theft protection services and/or free credit monitoring services.

Ransomware Attack on Sandhills Medical Foundation

Sandhills Medical Foundation began informing patients about the potential compromise of some of their PHI because of a ransomware attack on its vendor providing data storage space for its billing, booking, and reporting systems. Although it’s not yet confirmed which vendor encountered the ransomware attack, the date given in the breach notification and description of the referenced vendor seem likely that it was Netgain Technologies.

The vendor informed Sandhills Medical Foundation on January 8, 2021 that the threat actors got access to Sandhills’ systems on November 15, 2020 and exfiltrated data. The ransomware was installed on December 3, 2020 and the attackers acquired information such as names, birth dates, email addresses, mailing addresses, Social Security numbers, driver’s license numbers, and claims details, from which it is possible to know diagnoses. All duplicates of the stolen information were supposedly deleted.

Sandhills Medical Foundation offered free one-year credit monitoring services to the affected people. The provider already submitted the breach report to the HHS’ Office for Civil Rights, however, it is not yet published on the breach portal. Hence, it is still uncertain how many patients were affected by the breach.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA