Cyberattack impacts 200,000 people connected to MultiCare Health Systems

SEATTLE - A cyberattack has exposed the personal information of 200,000 people connected to Tacoma-based MultiCare Health Systems.

In a statement to Q13 news, MultiCare said the breach was isolated to a third-party server tied to a number of pediatric clinics for Mary Bridge Children’s Hospital and Health Network.

"The breach was isolated to Woodcreek’s server, which is a separate system from MultiCare Health System and Mary Bridge Children’s. The primary electronic medical records database for the system was not affected by this incident."

Related: MultiCare healthcare workers strike, urging need for more PPEs, staff support

MultiCare uses Woodcreek Provider Services as its medical practice management company. On Tuesday, Woodcreek announced that its technology vendor, Netgain Technology, was hit by a data breach attack between November 24 and December 3, 2020. 

The breached data was retrieved after an undisclosed ransom was paid.

Names, social security numbers, and bank account information are just a few of the personal details potentially exposed in the ransomware attack.

Related: Senate OKs measure creating state Office of Cybersecurity

For parents and guardians who insure patients of Woodcreek Healthcare or MultiCare Health System, full subscriber names and insurance policy numbers were potentially exposed.

"Ransomware is the biggest threat, it can happen instantly, it can happen overnight," said Bryan Seely a cybersecurity expert.

Recent studies show that opportunistic hackers are increasing their attacks targeting medical records.

"It’s only going to get worse until more people have a solution that will actually do a job well enough to keep them safe," said Seely.

MultiCare said notices have been sent to everyone impacted by the ransomware attack.