PHI of 31,000 Individuals Potentially Compromised in River Springs Health Plans Phishing Attack

An unauthorized individual gained access to the email account of an employee of River Springs Health Plans and installed malware which potentially allowed the contents of the email account to be exfiltrated. The employee responded to the phishing email on September 14, 2020. The malware was detected and removed the following day and the email account was secured.

A leading forensics firm was retained to assist with the investigation and determine whether any sensitive information was accessed or obtained by the attackers. No evidence was found which suggested any member data had been exfiltrated, but data theft could not be ruled out. A comprehensive review of the affected account revealed on February 17, 2021 that the protected health information of 31,195 River Springs Health Plans members was stored in the email account.

The types of information in the account varied from individual to individual and may have included the following information: First and last names, dates of birth, member ID, Medicare ID, Medicaid ID, Social Security number, and references to medical information such as healthcare provider information. No financial information was compromised.

River Springs Health Plans has taken steps to improve email security and has reeducated the workforce on phishing email identification and reporting suspicious emails. Affected individuals have now been notified and complimentary credit monitoring services have been offered.

Health Center Partners of Southern California Impacted by Netgain Ransomware Attack

Health Center Partners of Southern California (HCP) has confirmed it has been affected by a ransomware attack on its IT service provider, Netgain Technology LLC.

HCP provides support to community health centers in Southern California which requires access to patient information, some of which was stored on systems that were affected by the September 2020 ransomware attack. Netgain’s investigation confirmed that between October 22, 2020 and December 3, 2020, files containing protected health information were obtained by the attacker, including files containing HCP data.

Netgain paid the ransom to prevent further disclosure of the stolen data and received assurances that the attackers had deleted the data. The darkweb is being scanned and hacking forums monitored to identify any exposure of the data. HCP said in its breach notice that there is no reason to believe any data stolen in the attack will be misused.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.