TACOMA, Wash. — A Washington state healthcare organization said sensitive employee information was impacted after one of its partners was the subject of a ransomware attack in June.
Kaye-Smith, a business solutions company, confirmed it was the subject of a ransomware attack involving several of its partners, including MultiCare. The health system said it was informed on Sept. 30 that the breach included its employees’ information.
Kaye-Smith prints W-2 and 1099 forms for the hospital system, according to MultiCare.
The names, addresses and social security numbers of some current and former MultiCare employees were included in the data breach.
Kaye-Smith said it took steps over the summer to secure the data. It said it has not seen any evidence suggesting the data was or will be made public.
Employees who were affected can expect a letter from Kaye-Smith notifying them that their information was compromised.
"MultiCare takes our responsibility to protect the sensitive information entrusted to our organization very seriously. We will remain ever-vigilant to ensure the ongoing security of our patients and our employee data," MultiCare said in a statement.
MultiCare has 11 hospitals and 20,000 team members, including employees, providers and volunteers, according to its website.
The number of employees impacted was not released.
This marks the second time in recent months that MultiCare has announced a data breach. In August, MultiCare said a third party -- Avamere Health Services LLC -- discovered unauthorized access to its systems.
Avamere contracts with Physicians of Southwest Washington, MultiCare's joint venture and business associate.
Avamere discovered that more than 18,000 beneficiaries of a bundled payment program at MultiCare may have been involved in the breach. Avamere directly notified anyone impacted.
Earlier this month, Virginia Mason Franciscan Health’s parent company, CommonSpirit Health, was targeted in a cyberattack.
Virginia Mason Franciscan Health's St. Joseph Medical Center in Pierce County was impacted.
Healthcare organizations are an appealing target for cyber attackers — particularly those who use malware to lock up a victim organization's files and leverage the information for payment, according to Allan Liska, an analyst with the cybersecurity firm Recorded Future.
Healthcare systems in 2021 saw an unusually high number of attacks, with 285 publicly reported worldwide, Liska added. So far, Liska's firm has tracked 155 this year with an average of 20 attacks happening a month. However, he estimated that only about 10% of ransomware attacks are publicized.