Cyber Incident Victim: Native American Rehabilitation Association of the Northwest
Date: Aug 2022
Location: United States of America
Summary
The Native American Rehabilitation Association of the Northwest experienced unauthorized access to seven employee email accounts by a foreign-based third party over a two-day period. The breach exposed names, dates of birth, and non-sensitive treatment details for most of the affected individuals, while four people had Social Security numbers compromised. The organization detected the intrusion promptly, secured the accounts, and identified the specific accessed data. Credit monitoring was provided to those with exposed Social Security numbers. Following the incident, NARA NW enhanced security measures by restricting web-based email usage, blocking international access, and implementing multi-factor authentication for email accounts.
Description
On August 31, 2022, unauthorized individuals outside the United States gained access to seven employee email accounts at the Native American Rehabilitation Association of the Northwest (NARA NW), a Portland, OR-based healthcare organization. The breach persisted until September 1, 2022, when suspicious activity was detected within NARA NW's email system. The organization immediately secured the compromised accounts to prevent further unauthorized access. A forensic review confirmed the foreign actor's activity during this two-day window and assessed the scope of exposed data. The investigation revealed that the breached email accounts contained patient information primarily consisting of names, dates of birth, and non-sensitive treatment details. Only four individuals among the 2,915 affected patients had their Social Security numbers exposed during the incident.

NARA NW's technology infrastructure enabled rapid identification of the specific emails and information accessed by the threat actor. The organization implemented additional security measures following the breach, including restrictions on web-based email usage, blocking of international access attempts, and deployment of multi-factor authentication for all email accounts. Notification procedures were initiated for all affected individuals, with the four patients whose Social Security numbers were compromised receiving offers for 12 months of complimentary credit monitoring services. The organization emphasized its preparedness for cyberattacks through existing security protocols that facilitated swift containment and analysis, though no further details regarding detection methods or attacker identification were disclosed in available reports.
