PHI Potentially Breached in River Springs Health Plans Phishing Attack and Netgain Ransomware Attack

An unauthorized individual acquired access to a River Springs Health Plans employee’s email account and installed malware that possibly permitted the extraction of email account contents. The worker responded to the phishing email on September 14, 2020. The provider detected the malware and eliminated it the following day. The email account was additionally secured.

A top forensics company was retained to help the investigation and find out whether attackers accessed or obtained any sensitive information. There is no evidence found which suggested the exfiltration of any member data. However, data theft can’t be made certain. A thorough analysis of the affected account revealed on February 17, 2021 that there was 31,195 River Springs Health Plans members’ PHI stored in the email account.

The types of information found in the account varied from one person to another and may have included the following data: First and last names, dates of birth, Medicaid ID, Medicare ID, member ID, Social Security number, and references to medical information like healthcare provider details. No financial details were exposed.

River Springs Health Plans has done something to strengthen email security and has given more training to the employees on phishing email identification and filing reports on suspicious emails. Affected people have now been informed and complimentary credit monitoring services were provided.

Netgain Ransomware Attack Impacts Health Center Partners of Southern California

Health Center Partners of Southern California (HCP) has stated that it was impacted by the ransomware attack on Netgain Technology LLC, its IT service provider.

HCP gives assistance to community health facilities located in Southern California which need access to patient data, a number of of which were kept on systems that were affected by the ransomware attack in September 2020. Netgain’s investigation affirmed that from October 22, 2020 to December 3, 2020, the attacker acquired files that contain protected health information, including HCP information.

Netgain gave ransom payment to avoid further compromise of the stolen information and got assurances that the attackers had erased the records. The darkweb is being scanned and hacking forums supervised to find any data exposure. HCP stated in its breach notice that there is no reason to believe any information stolen in the attack will be misused however, as a preventative measure, impacted individuals were given no-cost identity protection services via IDX.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at