Woodcreek Provider Services, which provides support to MultiCare Health System pediatric clinics and urgent care centers, has reported a data breach that may impact more than 300,000 patients.
According to its data breach notice, Woodcreek was notified by Netgain Technology, its IT network host, that its systems had been compromised by a security threat, leading to unauthorized access to patient data.
The hacker gained access to the system in late 2020, and Netgain launched an investigation with a third-party cybersecurity team. The breach was allegedly due to a ransomware attack in which Netgain paid cyberattackers to recover the stolen data. Netgain has been monitoring for signs that the exfiltrated data has been posted for sale. Medical data can fetch large sums of money on the dark web, used in various fraud and identity theft schemes.
The patient data supposedly contains about 215,000 directories and 21,874 files, including personal and protected health information, which may include:
- Medical records
- Dates of birth
- Insurance information
- Clinical notes
- Lab reports
- Vaccination records
- Social security numbers
- Bank account numbers
- Criminal background check reports
Woodcreek has said their electronic medical records system was not impacted by the data breach. Netgain has installed additional threat protection, cybersecurity protocols and monitoring software to promptly address new system vulnerabilities.