Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack

17 January 2022

Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack

Healthcare providers Caring Communities and Entira Family Clinics are warning patients that their personal information may have been exposed in a data breach that hit tech vendor Netgain Technology more than a year ago.

In late November 2020, Netgain, which provides managed IT services to organizations in sectors such as accounting, healthcare, and legal, fell victim to a ransomware attack that also resulted in the compromise of customer data.

By January 2021, Netgain had informed affected organizations of the incident, and numerous healthcare services providers began sending data breach notices over the next several months, including Ramsey County’s Family Health division, Woodcreek Provider Services, Sandhills Medical Foundation, Apple Valley Clinic, Neighborhood Healthcare, San Diego Family Care (and Health Center Partners of Southern California), SAC Health System, SouthCare Carolina, and Caravus.

During summer, more healthcare provides disclosed impact from the incident, including Minnesota Community Care, CentraCare Health and Carris Health – Willmar Lakeland Clinic, Family Health Centers of San Diego, Imperial Beach Community Clinic, and LifeLong Medical Care.

Last week, Caring Communities and Entira Family Clinics also revealed the impact from the Netgain ransomware attack and began telling patients that their personal information might have been leaked.

In addition to medical history, data that was potentially compromised in the attack includes names, addresses, and Social Security numbers, both organizations said in their notification letters.

Entira told the Maine Attorney General’s Office that data of roughly 200,000 individuals was compromised in the incident. Overall, the Netgain incident appears to have impacted the data of more than 1 million patients.