IT Solutions Co. Netgain Technology Failed to Secure Systems from Cybercriminals, Class Action Alleges

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action alleges Netgain Technology’s failure to safeguard the confidential, personally identifiable information of hundreds of thousands of consumers is to blame for a late-September 2020 data breach. 

The 27-page lawsuit asserts that although Netgain, a cloud-enabled IT solutions and managed services company, purports to provide cybersecurity solutions for its clients, who include healthcare providers and accounting firms, the defendant negligently allowed an unauthorized party to access troves of files and records last year by using compromised credentials.  

Information potentially exposed in the breach, which targeted Netgain’s domain controllers that manage networks of thousands of servers, includes Social Security, driver’s license and bank account numbers; names; and dates of birth, the case says. Also compromised was personal health information, such as medical record numbers, health insurance policy and identification details, clinical notes, lab results, immunization data, referral requests and medical disclosure logs, the suit relays. 

“Indeed, Netgain offers cybersecurity solutions, yet failed to secure its own systems from cybercriminals,” the complaint reads, noting that Netgain did not send proposed class members notice of the breach until late March 2021, more than four months after the incident was detected. 

Per the lawsuit, an unauthorized party was able to access Netgain’s “digital environment” in late September 2020 due to the defendant’s “inadequate data security and failure to comply with federal and state data privacy standards.” Netgain clients whose files were supposedly exfiltrated by the perpetrator include Neighborhood Healthcare, Health CenterPartners of Southern California, Woodcreek Provider Services, Apple Valley Clinic/Allina Health, Ramsey County, Sandhills Medical Foundation and Crystal Practice Management, the case says. 

That same month, an unidentified third party then launched a ransomware attack against Netgain using the data exfiltrated in the breach, forcing the defendant to take some of its data centers offline as a protective measure to contain the threat, the suit continues. According to the complaint, Netgain reportedly paid a $2.3 million ransom to the cybercriminals to restore its systems and to confirm that all copies of the data would be deleted and not sold, published or otherwise disclosed publicly. 

Those whose data was compromised in the incident are at an increased risk of identity theft and must now undertake additional measures to protect their data, the case stresses. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.