Over 300K Patients Affected by Elara Caring, Woodcreek Provider Breaches

March 09, 2021 - Woodcreek Provider Services and Elara Caring recently reported healthcare data breaches impacting more than 300,000 patients. The tallies are some of the largest reported in the healthcare sector in 2021, so far.

Woodcreek is a medical practice management company based in Washington, which provides support to pediatric clinics and urgent care centers owned and operated by MultiCare Health System.

According to its notice, Woodcreek uses Netgain Technology to host its IT network and computer systems. On January 4, Netgain notified Woodcreek that its systems had been compromised by a security incident, which led to unauthorized access to some systems.

The hacker gained access to the system in November 2020, but access potentially began two months earlier in September 2020. Upon discovery, Netgain launched its incident response and recovery plans, notified law enforcement, and engaged with a third-party cybersecurity team.

On December 3, the attacker launched a ransomware attack on the hosted environment, which encrypted a subset of data belonging to Netgain’s clients and internal systems. Netgain took measures to contain the threat, such as disabling the external and internal network pathways and taking its client services offline.

READ MORE: CISA Warns of Accellion FTA Exploit; Centene Among Breach Victims

The investigation determined the hackers exfiltrated data from the Woodcreek Provider’s hosted services prior to the ransomware deployment. Netgain paid the attackers to recover the stolen data, with “assurances that the attackers deleted the data and did not retain any copies.”

It’s important to note that a number of reports have shown, increasingly ransomware victims cannot trust these assurances. Hackers have been observed providing false evidence that the data was destroyed then publicly doxxing victims, even if the ransom was paid.

However, Netgain’s outside cybersecurity team has been monitoring for signs the exfiltrated data has been posted for sale. And as of January 14, 2021, there’s been no indication the data has been leaked.

The threat was contained and eradicated by January 14. Four days later, it provided Woodcreek with a copy of the data recovered from the attackers. The data set contains about 215,000 directories and 21,874 file folders, which includes personal information and protected health information, subject to HIPAA.

The compromised data includes PHI maintained by Woodcreek Provider Services, MultiCare Health System, and Woodcreek Healthcare, as well as personal information from business records maintained by Woodcreek Provider Services.

READ MORE: Vaccine Rollout Spurs 372% Rise Bad Bots; Spear-Phishing Up 26%

The notice showed the Provider Services identified 557 employees, healthcare providers, applicants, and contractors with personal information included in the recovered data set. Another 25,360 individuals were notified who received services from either Multicare Health System or Woodcreek Healthcare.

Another 210,000 individuals are being notified, as the data impacted by the incident is regulated by HIPAA.

The PHI includes patients’ contact details, medical record numbers, dates of birth, insurance identification numbers and claims information, statements, clinical notes, lab reports, referral requests, treatment approvals, vaccination forms and records, prescription records, medical record disclosure logs, patient correspondence, some medical records, and host of other data.

The electronic medical records system was not impacted.

The personal data compromised by the event includes full names, dates of birth, Social Security numbers, student identification numbers, health insurance policy numbers, bank account numbers, resumes, transcripts, performance appraisals, criminal background check reports, diplomas, degrees, and board certifications, among a trove of other sensitive information.

READ MORE: 50% Phishing Emails Seek Credential Theft, as Malware Delivery Declines

Woodcreek Provider has since ensured Netgain has taken the appropriate steps to better maintain the security of its data.

Netgain has since installed advanced threat protection and monitoring software across its systems to proactively safeguard against a potential recurrence. The team also conducted thorough scans of the environment to identify potential impacts from the attack and to promptly address new vulnerabilities.

Though its internal network was not compromised by the incident, Woodcreek Provider is taking steps to enhance its cybersecurity protocols and practices, including employee reminders to routinely update passwords. The entity is also conducting a review of stored information and updating its data retention policies.

Elara Caring Email Hack Impacts 100,487 Patients

Elara Caring recently notified 100,487 patients that their data was potentially compromised after hackers gained access to a number of corporate email accounts.

In December, Elara Caring discovered unauthorized access on a number of employee email accounts. The threat was promptly mitigated and an investigation was launched with support of a third-party security team. 

Officials said they also notified law enforcement and took steps to secure the systems, including a password reset for all employees. To date, the investigation has found certain patient and employee information may have been viewed as a direct result of the incident.

The compromised data varied by individual, but could include names, SSNs, contact details, dates of birth, email addresses and passwords, insurance information and account numbers, and password numbers.

The investigation has found no evidence of further malware deployment from the email incident, nor were the networks otherwise impacted. All impacted individuals will receive free credit monitoring and identity protection services.