Cyber Incident Victim: Woodcreek Provider Services

The ransomware incident impacting Woodcreek Provider Services stemmed from a November 24, 2020 attack against Netgain Technology LLC, a third-party IT services provider utilized by Woodcreek and other clients. Netgain’s systems were compromised by ransomware operators, leading to unauthorized access and data exfiltration. The breach was publicly acknowledged in January 2021 when Woodcreek issued notifications to affected individuals. Forensic investigations determined that attackers accessed Netgain-managed systems containing Woodcreek’s protected health information (PHI) during the intrusion window. The compromised data included patient names, addresses, Social Security numbers, medical information, vaccination records, on-the-job injury reports, and safety incident reports. Woodcreek confirmed the incident exposed information belonging to over 210,000 patients across its affiliated entities, including Woodcreek Healthcare and MultiCare Health System.

Netgain Technology engaged third-party cybersecurity experts to investigate the ransomware attack, contain the threat, and restore affected systems. Recovery efforts included system restoration from backups following the encryption of Netgain’s infrastructure. Woodcreek Provider Services conducted a review of the compromised files to identify impacted individuals and subsequently issued breach notifications by mail. The notifications outlined the types of exposed data and offered affected individuals complimentary credit monitoring services. The incident highlighted supply chain risks, as the ransomware attack on a single vendor compromised data across multiple healthcare organizations relying on Netgain’s hosted infrastructure. No specific ransomware variant or attacker attribution was disclosed in the public notification.