Netgain Data Breach Lawsuits
The Netgain data breach incident has affected hundreds of thousands of individuals, leading to several class action lawsuits to be filed on behalf of the data theft victims. The ransomware cyber-attack targeted the cloud hosting and IT services provider late last year, when Netgain was forced to take some data centers offline.
Netgain provides IT and cloud services to several healthcare organizations, including Woodcreek Provider Service/ MultiCare Health System as well as Apple Valley Clinic/Allina Health. Woodcreek Provider Services, based in Washington, reported 207,000 patients affected and Apple Valley Clinic/Allina Health, out of Minnesota, reported around 157,000 individuals affected.
Netgain notified their clients that protected health information of patients was compromised when unauthorized individuals accessed their networks. Personal data that may have been stolen includes:
- Medical record numbers
- Dates of birth
- Social security numbers
- Health insurance policy and identification numbers
- Clinical notes
- Laboratory reports
- Immunization information & vaccine records
- Correspondence with patients
- Student identification numbers
- Bank account numbers
- Employment-related documents
- Benefit and tax forms
- Employee health information
- Medical records
Netgain has since added security enhancements within its network to help prevent future threats, but attorneys say the damage has already been done. When data is leaked, it can remain on the dark web forever, and may fall into the hands of bad actors who use various data in fraudulent schemes.
Netgain Data Breach & Cloud Data Theft Incidents
Cloud vendors like Netgain may be an increasingly attractive target for cyberattacks and ransomware events, putting millions of Americans at risk. Companies, however, should be aware of the cybersecurity risks, and have a duty to protect customer data.
Clouds hold vast amounts of personal data that has become very valuable on the black market, and health data is particularly of interest to some cybercriminals. With every successful ransomware attack on a healthcare entity, there will be more and more attempts to duplicate the hack with a similar target.
Thus, companies like Netgain, who promise clients to protect data privacy, must understand the importance of a strong system security program. Some cloud services companies say they are not responsible for the data their clients store within their cloud services, but some experts and data privacy attorneys tend to disagree. Both a third-party, contracted cloud service vendor and an individual healthcare entity are responsible for protecting and securing stored personal health data.