Cyber Incident Victim: Netgain
Date: Nov 2020
Location: United States of America
Summary
A cloud hosting and IT services provider specializing in healthcare and accounting sectors suffered a ransomware attack, forcing the shutdown of multiple data centers to contain the threat. The incident caused widespread system outages and slowdowns for customers, with thousands of servers impacted. The provider implemented protective measures including isolating systems and installing additional security software while working continuously to restore services, though no recovery timeline was established.
Description
Netgain, a cloud hosting and IT services provider specializing in managed services for healthcare and accounting sectors, experienced a disruptive ransomware attack on November 24, 2020. The incident prompted immediate operational disruptions, though initial customer communications did not occur until December 4. On that date, Netgain notified clients via email about potential "system outages or slowdowns" linked to the cyberattack, attributing service interruptions to precautionary measures involving additional security software installations. The company framed these disruptions as temporary but warned they might persist over subsequent days. By December 5, the severity escalated, compelling Netgain to take decisive containment actions by deliberately shutting down multiple data centers to isolate the ransomware threat. This tactical shutdown intensified service outages for clients relying on hosted infrastructure.

The attack's scope became partially evident when Crystal Practice Management, a Netgain customer, disclosed that thousands of servers were compromised. Netgain mobilized restoration efforts immediately after containment but refrained from providing stakeholders with a recovery timeline, indicating operational complexity. Service restoration proceeded without public deadlines, prolonging business continuity challenges for affected organizations. The incident specifically disrupted Netgain's desktop-as-a-service environments and managed IT offerings, directly impacting specialized workflows in healthcare and accounting—sectors dependent on consistent data access. No ransomware variant, financial demands, or data exfiltration details were disclosed in available communications. Netgain's response adhered strictly to its incident response plan, prioritizing threat isolation through infrastructure disconnection over maintaining service availability.
