NorthBay Healthcare Corporation reports data breach exposing half a million people

NorthBay Healthcare Corporation (NorthBay Health), a California-based nonprofit healthcare system operating two hospitals and multiple clinics in Solano County, is reporting a data breach affecting 569,012 individuals following a suspected ransomware attack.

The organization experienced unauthorized network access over a nearly three-month period. According to their investigation, the security incident was detected on February 23, 2024, though the attackers had maintained access to their systems between January 11 and April 1, 2024.

The incident forced NorthBay Health to shut down its systems on April 1, leading to significant operational disruptions at their Fairfield and Vacaville facilities. The system outage lasted at least two weeks, during which the organization had to revert to downtime procedures and turn away patients while gradually restoring affected systems.

The extended period of unauthorized access resulted in the compromise of highly sensitive personal and medical information. The exposed data includes:

• Names and dates of birth
• Social Security numbers
• Driver's license numbers
• Passport and other government ID numbers
• Medical and biometric information
• Health insurance information
• Usernames and passwords
• Financial account information
• Credit/debit card numbers, expiration dates, security codes, and PINs

It's not clear why the company waited nearly a year to report the incident to the public.

The ransomware group Embargo has claimed responsibility for the attack on their data leak site, though they later removed the post - a move that often indicates a potential ransom payment. NorthBay Health has not confirmed Embargo's involvement or any ransom payment.

In response to the breach, NorthBay Health is providing affected individuals with one year of free identity protection and credit monitoring services through Experian.