A Minnesota network of family medicine practices has begun notifying around 200,000 individuals that their personal information and protected health information (PHI) may have been exposed in a cyberattack on a business associate more than one year ago.
Notification letters sent by Entira Family Clinics to the affected persons on January 13, 2022 said that the breach happened at Netgain Technologies, a hosting and cloud IT services provider to organizations in the medical care and accounting markets. Entira Family Clinics used Netgain’s email and hosting services.
The healthcare company stated that the data possibly breached included names, Social Security numbers, addresses, and health histories. Entira stated in its notification letters that it put its information technology (IT) support staff to work immediately upon discovering the breach and engaged a law firm specializing in cybersecurity and data privacy to look into the matter. It also communicated directly with Netgain and its breach adviser regarding Netgain’s incident resolution and forensic inquiry.
The investigation found no evidence of attempted or actual misuse of any personal records. Entira Family Clinics reported that it is taking steps to enhance security and minimize risk, and that this required an evaluation and update of policies and guidelines linked to the protection of its systems, servers, and life cycle operations. A security review of the Netgain environment was also performed to confirm the strengthened security of the cloud hosting website.
Entira Family Clinics provided the impacted persons with free membership of online credit monitoring services through IDX. The breach report sent to the Maine Attorney General shows that 199,628 people were affected.
The notification letters mailed to the impacted persons say that the clinic identified that a data security breach in Netgain’s environment might have contributed to the unintended compromise of their personal data and that “Netgain was lately hit by a cybersecurity case.”
The date of the incident was not stated in the notification letters, so affected people would not know that the cyberattack and data theft took place more than one year earlier, on November 4, 2020.
Netgain reported the data breach in December 2020, and nearly all impacted firms were alerted by February 2021. Many of the affected Netgain clients issued notification letters throughout the spring and summer of 2021. It is not clear why Entira Family Clinics delayed issuing notification letters for such a long time, or whether this was the result of late notification by Netgain.
Also this month, Caring Communities, a member-owned liability insurance firm in Illinois serving non-profit senior housing and care companies, sent notification letters regarding the Netgain security breach. The company mailed its letters on January 14, 2022, and they said much the same as those mailed by Entira.
Caring Communities said it no longer uses Netgain as its hosting provider, having moved its environment to another service provider after being informed of the data breach, and that it is taking the same steps to strengthen security. Impacted people have likewise been given credit monitoring and identity theft protection services via IDX. It is currently unclear how many persons were impacted. The notification letters likewise refer to a recent cyberattack on Netgain and do not say when the attack took place or why the notification letters were delayed.