Ransom Paid To Recover Data Of 200,000 MultiCare Patients, Staff

Gig Harbor WA

09 March, 2021

7:46 PM

Description

TACOMA, WA — A medical practice management firm has paid a ransom to recover the data of 200,000+ MultiCare staff and patients, whose information was exposed in a breach late last year. Woodcreek Provider Services first announced the breach and the recovery of the stolen data on Tuesday. As the Tacoma News Tribune reports, Woodcreek Provider Services is a medical practice management firm that supports MultiCare. Woodcreek uses a tech vendor, Netgain Technology. Hackers managed to breach Netgain, and got access to MultiCare data through that connection. In a statement sent to The News Tribune, MultiCare said the breach had been isolated to Woodcreek's server, and that Woodcreek only managed "a small number of pediatric clinics in the Puget Sound region for Mary Bridge Children's Hospital and Health Network." Woodcreek says that Netgain's investigation found that the data was likely stolen between Nov. 24 and Dec. 3, 2020, but could have been taken as early as September. They also say that they believe that, having paid the ransom, the compromised data is now secure: "The data was returned after the ransom was paid and we have no reason to believe it has been or will be further used or disclosed. On January 18, 2021, Woodcreek received a copy of the recovered data set and has been working diligently since then to notify affected individuals." The compromised data included scans of clinical and financial data, and other business records. Those scans carried the full names, birthdates, social security numbers and bank account numbers of patients, among other information. Woodcreek says they have notified everyone whose data was compromised. They are also providing free identity theft protection to everyone involved.