MN: Apple Valley Clinic notifies 157,939 patients about Netgain Technology breach
In November, 2020, cloud IT services provider Netgain Technology LLC experienced a ransomware attack that resulted in them taking some of their data centers offline. In December and January, they began notifying some of their clients.
In January, Ramsey County notified 8,700 clients of its Family Health Division about the breach. In February, Woodcreek Provider Services notified 207,000 patients, and in March, Sandhills Medical Foundation notified 39,602 patients. And now Apple Valley Clinic is notifying 157,939 patients.
MINNEAPOLIS (March 26, 2021) — This notice is regarding a security incident of which the Apple Valley Clinic has become aware. The Apple Valley Clinic provides primary care and urgent care services. The Apple Valley Clinic contracts with Netgain Technology, LLC (Netgain), to host its information technology network and computer systems.
On December 2, 2020, we were notified by Netgain that its systems had been compromised by a cyberattack. After discovering the cyberattack, Netgain notified law enforcement and ultimately regained control of its systems and recovered the affected data. On January 29, 2021 after the Netgain systems were restored, Allina Health received confirmation that the data involved in the cyberattack contained patient data. We have worked with experts to determine what patient data was affected in order to provide our patients with the most accurate information about the incident and the individuals potentially affected.
Data maintained by the Apple Valley Clinic that was involved in the cyberattack on Netgain’s system included the following types of personal information:
- Dates of birth
- Social security numbers
- Bank account and routing numbers
- Patient billing information
- Medical information, such medical symptoms and diagnosis
This incident only impacted individuals receiving health care services at the Apple Valley Clinic. No other Allina locations were impacted by the incident.
We are committed to our patient’s privacy and we understand that these types of events can cause concern. Although the Apple Valley Clinic was not targeted in this cyberattack, we are taking steps to enhance our own cybersecurity protocols and practices. In February, we implemented Allina Health’s electronic health record system and began migrating the Apple Valley Clinic to a new information technology system, used by Allina Health.
We are communicating regularly with Netgain to ensure they are taking appropriate steps to better maintain the security of the Apple Valley Clinic’s data. Netgain has provided written assurances that the threat to its systems has been contained and eliminated. Netgain is continuing to scan its environment to identify potential impacts from the attack and will work promptly to address any new vulnerabilities that may be identified.
In the interest of protecting our patient’s privacy, and in accordance with law, Allina Health is in the process of contacting all patients who may have been affected.
We are not aware that any data was disclosed or used by those responsible for the cyberattack. However, out of an abundance of caution, we are offering complimentary identity theft protection services to affected patients of the Apple Valley Clinic.
For More Information. Patients who may have been impacted can call 833-978-2828. Monday – Friday from 8:00 AM to 6:00 PM (Central Time), beginning Monday, March 29, 2021.
About Allina Health
Allina Health is dedicated to the prevention and treatment of illness and enhancing the greater health of individuals, families and communities throughout Minnesota and western Wisconsin. A not-for-profit health care system, Allina Health cares for patients from beginning to end-of-life through its 90+ clinics, 11 hospitals, 15 retail pharmacies, specialty care centers and specialty medical services, home care, and emergency medical transportation services.