HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

207K MultiCare Health System and Woodcreek Healthcare Patients Affected by Ransomware Attack

The number of individuals affected by a ransomware attack on St. Cloud-based Netgain Technology LLC has increased, with a further 207,000 individuals now confirmed as being affected and that figure certain to rise over the coming days. Netgain Technology provides IT and technology services to several entities in the healthcare industry, including the medical practice management company Woodcreek Provider Service in Washington. Ramsey County in Minnesota was previously confirmed to have been affected by the ransomware attack.

Woodcreek Provider Service provides support to pediatric clinics and urgent care centers owned and operated by MultiCare Health System.  Woodcreek Provider Service was notified by Netgain about the December 3, 2020 attack and informed that the protected health information of patients and the personal information of employees and contractors were stored on servers affected by the ransomware attack, and may have been obtained by the attackers who first gained access to its systems on November 23, 2020.

The Woodcreek Provider Service IT network and computer system is hosted by Netgain and a considerable amount of data has potentially been accessed or obtained in the extortion attack. Potentially compromised information includes: Names, addresses, medical record numbers, dates of birth, Social Security numbers, health insurance information, insurance claims, explanation of benefits statements, clinical notes, referral requests, lab test reports, decision not to vaccinate forms, authorization requests for services, treatment approvals, records requests, immunization information, vaccine records, prescription requests, release of information forms, subpoena records requests, medical record disclosure logs, incident reports, invoices, correspondence with patients, student identification numbers, bank account numbers, employment related documents, court documents, DEA certificates, payroll withholding and insurance deduction authorizations, benefit and tax forms, employee health information and some medical records.

The data stolen in the attack was returned when the ransom was paid and assurances were received that no data was retained by the attackers. Netgain provided reassurances that steps have been taken to improve security to prevent any further cyberattacks. Woodcreek Provider Service has also taken steps to protect information under its control and has reviewed and revised its cybersecurity policies and procedures.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Affected MultiCare Health System and Woodcreek Healthcare patients have been offered identity theft protection services and/or complimentary credit monitoring services.

Sandhills Medical Foundation has Data Stolen in Ransomware Attack

Sandhills Medical Foundation has also started notifying patients that some of their protected health information was obtained in a ransomware attack on a vendor that provides data storage for its billing, scheduling, and reporting systems. While it has not been confirmed which vendor suffered the attack, the timings provided in the breach notice and nature of the referenced vendor make it likely that it was Netgain Technologies.

Sandhills Medical Foundation was notified by the vendor on January 8, 2021 and was informed that the attackers accessed Sandhills’ systems on November 15, 2020 and stole data. The ransomware was deployed on December 3, 2020. The data obtained by the attackers included names, dates of birth, email addresses, mailing addresses, driver’s license numbers, Social Security numbers, and claims information, from which it would be possible to determine diagnoses.  All copies of the stolen data have reportedly been deleted/destroyed.

Affected individuals have been offered complimentary credit monitoring services for 12 months. Sandhills reported the breach to the HHS’ Office for Civil Rights. The breach report indicates 39,602 individuals were affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.