The Associated Eye Care Partners (AEC) in Montana has started releasing notices that threat actors might have impacted patients’ personal information during an old ransomware attack that targets Netgain.
November, a couple of years ago, an IT services provider for several industries fell victim to a ransomware campaign that affected several organisations, especially in the healthcare industry. All of which were notified of the incident last year.
However, one of the affected organisations, AEC, has started informing potentially affected individuals that malicious entities might have impacted their information during the ransomware incident. AEC is a healthcare provider of management services, strategic capital, and expertise in eye care.
Moreover, the compromised company submitted a copy of the notice for the affected individuals to the Montana Attorney General’s office. The firm did not specify the timeline of when Netgain disclosed the data breach. However, the investigation revealed that the threat actors completed the ransomware attack a couple of months ago.
The letter to the Attorney General also indicated that AEC and other healthcare entities retained their agreement with Netgain to host their environments, such as email and cloud services. Therefore, Netgain became the prime target for threat actors.
AEC confirmed that the Netgain ransomware actors hold critical data from them.
AEC noted that the threat actors had access to their patient’s information, such as full names, Social Security numbers (SSNs), medical records, and complete addresses. Fortunately, the company has yet to find evidence of misuse of the stolen data.
The firm then showed that it had replaced Netgain as its hosting vendor to avoid any further attacks from different malicious entities.
Unfortunately, AEC has not shared the number of the affected clients and employees. The information has not also been listed on the US Department of Health and Human Services’ website. This United State department also keeps track of the healthcare data breaches impacting more than 500 individuals.
Many healthcare companies have revealed that they are also affected by the Netgain ransomware attack. These attacks resulted in the data exposure of over 1 million patients since the hackers had already breached their networks.
