Associated Eye Care Partners in Montana has begun notifying patients regarding a potential compromise of personal data following the widespread Netgain ransomware attack in 2020, which has impacted data from more than 1 million patients, reports SecurityWeek.
"AEC, along with thousands of other healthcare entities, retained Netgain for online hosting of its environment, including cloud services and e-mail. On Dec. 4, 2020, Netgain was the target of a cybersecurity incident... Netgain provided AEC with the data sets that were potentially impacted. AEC then underwent an extensive data mining project to identify all impacted individuals, which was completed on May 16, 2022," said AEC in a data breach notification letter sent to patients, as well as the Montana Attorney General's office.
Threat actors behind the attack were able to access patients' names, Social Security numbers, addresses, and medical history, but there has been no evidence suggesting that such data has been misused after the attack, according to AEC, which added that it has since transferred to a new data vendor while ensuring stronger security measures.
A healthcare provider can have all the elements in place, but without context, prioritization of systems, and a well-practiced incident response plan, the effectiveness of well-laid processes is limited.