PHI Potentially Exposed in River Springs Health Plans Phishing Attack and Netgain Ransomware Attack

An unauthorized person obtained access to a River Springs Health Plans worker’s email account and deployed malware which likely made it possible for the copying of email account contents. The staff clicked on the phishing email on September 14, 2020. The provider found the malware and took it out the next day. The email account was furthermore made secure.

A prominent forensics agency was retained to aid the investigation and ascertain if attackers viewed or obtained any sensitive facts. There is no proof discovered which indicated the copying of any member data. Nevertheless, data theft cannot be eliminated. An extensive assessment of the affected account showed on February 17, 2021 that there were 31,195 River Springs Health Plans members’ PHI kept in the account.

The kinds of information contained in the account differed from person to person and might have involved these data: First and last names, birth dates, Medicaid ID, Medicare ID, member ID, Social Security number, and sources to medical data for instance healthcare provider details. No financial data was affected.

River Springs Health Plans has undertaken steps to boost email security and has re-trained the staff on phishing email identification and submitting reports on suspicious email messages. Impacted persons have already been advised and free credit monitoring services were given.

Netgain Ransomware Attack  Affected Health Center Partners of Southern California

Health Center Partners of Southern California (HCP) has reported that it was impacted by the ransomware attack on Netgain Technology LLC, its IT service supplier.

HCP offers help to community health units based in Southern California which necessitates access to patient data, several of which was saved on systems that were affected by the ransomware attack in September 2020. Netgain’s inquiry established that from October 22, 2020 until December 3, 2020, the attacker acquired files comprising PHI, including HCP information.

Netgain paid the ransom demand to avert further exposure of the stolen information and acquired guarantees that the attackers had wiped out the records. The darkweb is being searched and hacking community forums watched to determine any data exposure. HCP mentioned in its breach notification that there’s no reason to think any information stolen in the attack is going to be misused nevertheless, as a safety measure, impacted people were provided free identity protection services from IDX.