California chain of hospitals and clinics notifies 569K people of data breach that compromised SSNs, medical info, passwords, credit cards

Solano County, California’s NorthBay Healthcare yesterday confirmed it notified 569,012 people about a January 2024 data breach that compromised the following patient info:

  • Social Security numbers
  • Passport numbers
  • Financial account numbers
  • Medical info
  • Biometric info
  • Health insurance info
  • Driver’s license numbers
  • Usernames
  • Passwords
  • Credit or debit card numbers, expiration dates, security codes, and PINs

NorthBay says it detected the breach on February 23, 2024, and that attackers had access to its computers and network between January 11 and April 1, 2024.

Ransomware gang Embargo claimed responsibility for the attack on its data leak site, but later removed the post. That could indicate NorthBay paid a ransom, but we have not confirmed a payment. NorthBay has not verified Embargo’s claim.

Embargo adds NorthBay to its data leak site.

“After identifying limited suspicious activity in our network on February 23, 2024, we initiated an internal investigation, coordinated with law enforcement on identifying any unauthorized activity, and engaged a leading forensic security firm to assist in the investigation and confirm the security of our computer systems and network,” NorthBay’s notice to victims says.

NorthBay announced in April 2024 that it was hit by a cyber attack that disrupted imaging systems, check-ins, access to medical records, and NorthBay’s website. The NorthBay Vacaville Hospital was forced to turn away patients.

We do not yet know how much Embargo demanded or how attackers breached NorthBay’s network. Comparitech contacted NorthBay for comment and will update this article if it responds.

NorthBay is offering victims a year of free identity theft protection via Experian.

Who is Embargo?

Embargo first began claiming attacks in April 2024. The group operates a ransomware-as-a-service business in which affiliates pay Embargo to use its malware and infrastructure to launch attacks and collect ransoms.

Embargo has claimed 11 confirmed ransomware attacks in 2024, plus seven unconfirmed claims that haven’t been acknowledged by targeted organizations. In 2025, it has only claimed one attack so far.

Embargo also claimed responsibility for attacks on Memorial Hospital and Manor, Weiser Memorial Hospital, and American Associated Pharmacies.

Ransomware attacks on US healthcare

Ransomware attacks on hospitals and clinics can lock down computer systems and steal data. Hospitals are forced to either pay a ransom or face extended downtime, data loss, and an increased risk of fraud for their customers. Ransomware can cripple a wide range of systems including access to medical records, appointment booking, payroll, prescriptions, patient communications, and more.

In 2024, Comparitech researchers logged 132 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers, compromising the data of 22,410,209 people. This attack on NorthBay was the largest in 2024 by number of people affected.

In 2025, ransomware gangs have claimed attacks on Frederick Health and New York Blood Center Enterprises, both of which face ongoing IT disruptions as of the time of writing.

Yesterday, Inc Ransomware claimed responsibility for an attack on Menominee Tribal Clinic following an attack that took place over Christmas 2024.

About NorthBay Healthcare

NorthBay Healthcare operates two hospitals and more than 100 primary and specialty care providers in the Solano County, California area.

