Data Privacy,
Data Security,
Fraud Management & Cybercrime
Cloud Services Provider Agrees to $1.9M Settlement Following 2020 Patient Data Breach
Netgain Technology, a cloud services provider based in Minnesota, has reached a $1.9 million settlement related to a ransomware attack that compromised patient data from multiple healthcare clients in 2020. The settlement arises from a proposed class action following the breach that affected numerous individuals and healthcare organizations.
According to court documents, Netgain has exhausted its cyber insurance funds after a protracted four-year legal battle due to the attack’s associated costs. As part of the settlement, eligible class members may receive up to $5,000 for documented expenses directly linked to the data breach, which includes reimbursements for time spent rectifying issues stemming from the incident.
Additionally, class members can choose to receive a prorated cash payment from the remaining settlement fund, which will also cover attorney fees and service payments to lead plaintiffs. Despite the sizeable breach, legal experts suggest the settlement amount is relatively modest compared to similar cases, illustrating the burdens class action litigation can place on defendants. Regulatory attorney Paul Hales commented on the financial constraints facing Netgain, noting that the firm’s resources are substantially strained.
Enhancements to Cyber Defense
As part of the settlement agreement, Netgain has committed to a comprehensive upgrade of its cybersecurity protocols. This includes enhancing its front-line defenses with advanced firewalls to better guard against external threats and restricting network traffic to only essential services. The company will also implement geo-blocking for Azure clients and require secure access for external requests.
Netgain’s strategy will further involve optimizing its network architecture to ensure security through methods such as dedicated subnets, VLANs, and virtual routing and forwarding for each client. Additionally, the deployment of a robust firewall methodology will focus on preventing unauthorized traffic, while DNS filtering and monitoring will enhance overall security vigilance.
To bolster its defenses, Netgain also plans to introduce a continuous monitoring solution, such as SentinelOne, across its data infrastructure, ensuring 24/7 oversight for any suspicious activities. This proactive approach is designed to improve resilience against future breaches while restoring stakeholder confidence.
Complaint and Risk Landscape
The lawsuit, filed in a Minnesota federal court, cited negligence among multiple claims, detailing an incident where unauthorized entities accessed Netgain’s systems, resulting in significant data exposure between September and November 2020. The plaintiffs allege that Netgain engaged with cybercriminals, paying an undisclosed sum for the promise that the stolen data would be erased and not disclosed further.
Documentation reveals that over two dozen healthcare clients of Netgain issued breach notifications, revealing that sensitive information of “hundreds of thousands” of patients, including Social Security numbers, medical records, and financial data, was potentially compromised. The implications of such breaches are profound, especially in a landscape where third-party service providers are increasingly targeted due to the vast amounts of accessible data.
Cybersecurity expert Paul Hales highlighted the vulnerabilities faced by business associates like Netgain, emphasizing that they represent attractive targets for cybercriminals. As class-action lawsuits grow in frequency, organizations must prioritize robust compliance with cybersecurity standards, particularly HIPAA regulations, to mitigate risks. This situation emphasizes the imperative for all organizations, including legal firms servicing the healthcare sector, to strengthen their cybersecurity posture to avoid the domino effect of breach-related litigation.
