Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

NorthBay Health Data Breach Impacts 569,000 Individuals

NorthBay Health says hackers stole the personal information of 569,000 individuals in a 2024 ransomware attack.

Non-profit healthcare system NorthBay Healthcare Corporation (NorthBay Health) is notifying over 569,000 individuals that their personal information was stolen in a data breach following a ransomware attack a year ago.

According to the organization, the unauthorized access to its network was identified on February 23, 2024, but the attackers had access to its systems between January 11 and April 1.

During that time, the attackers accessed certain files containing personal information such as names, dates of birth, Social Security numbers, driver’s license numbers, passport and other government ID numbers, medical information, and biometric information.

Furthermore, the hackers accessed usernames and passwords, financial information, credit or debit card numbers, and, for some individuals, credit or debit card expiration dates, security codes, and/or PINs.

In a filing with the Maine Attorney General’s Office, NorthBay Health said that it is sending written notifications to 569,012 individuals who were impacted by the incident, without detailing how many of these are patients or employees.

[ Read: 2024 US Healthcare Data Breaches: 720 Incidents, 186 Million User Records ]

The organization told the affected people that it does not believe that their personal information was misused for identity theft or fraud, but it is providing them with one year of free identity protection and credit monitoring services.

NorthBay Health did not specifically say that ransomware was used in the attack, but the attack forced it to shut down its systems on April 1, a typical response to ransomware. No known ransomware group has claimed responsibility for the incident, which suggests that a ransom might have been paid.

Advertisement. Scroll to continue reading.

The system disruption, which resulted in employees reverting to downtime procedures at NorthBay Health’s Fairfield and Vacaville facilities and in patients being turned away, continued for at least two weeks as the organization was slowly restoring the impacted systems.

NorthBay Health operates two hospitals and multiple clinics in Solano County and employs more than 150 doctors, offering a broad range of healthcare services, including primary care, trauma, orthopedics, heart, pediatrics, neuro, and cancer.

SecurityWeek has emailed NorthBay Health for additional clarification on the cyberattack and data breach and will update this article as soon as a reply arrives.

Related: 152,000 Impacted by Data Breach at Berman & Rabin

Related: Frederick Health Hit by Ransomware Attack

Related: Cybersecurity Is Under Assault, And It’s Growing Worse

Related: Connect: The Fourth Pillar of Industrial Cybersecurity

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.