Native American Rehabilitation Association of the Northwest Impacted by Malware Attack


Native American Rehabilitation Association of the Northwest, Inc., (NARA) a Portland, OR-based supplier of education, physical and mental health services and substance abuse treatment services to native Americans, is making contact with clients in relation to a malware infection that may have allowed unauthorized people to obtain to gain access to their protected health information.

NARA has revealed that the attack took place on November 4, 2019. The malware iat first got around security systems but was discovered later that day. The threat was mitigated by November 5, 2019 and all passwords on email accounts were returned to normal by November 6.

The malware was found to be the Emotet Trojan: A credential stealer that can also obtain emails and files in email attachments. It is therefore possible that the hackers obtained emails and attachments in the impacted accounts, some of which held protected health information.

A NARA press release on January 3, 2020 stated that the forensic investigation discovered that the protected health information of 344 individuals was either accessed by the hackers or there was a high risk of the information being obtained. Another group of patients was also potentially impacted. For this group, no proof of unauthorized access was identified.

The range of data contained in the email accounts varied from person to person and may have incorporated names, home addresses, Social Security numbers, birth dates, and medical record or patient ID numbers. A small amount of individuals also had clinical information exposed, including diagnoses, services received, treatment information, and treatment dates.

Overall up to 25,187 individuals may have been affected, according to the breach notice published on the HHS’ Office for Civil Rights’ Breach portal.

Jacqueline Mercer, CEO of NARA NW said: “It is sad that there are people in the world whose intent is to cause harm and distress to vulnerable populations such as our clients. Words cannot express how truly sorry we are that our clients and NARA NW have been subjected to this malware attack.”

A new endpoint protection solution has now been put in place on all computers which reviews for suspicious activity. Policies and procedures are being invesitgated and will be updated as necessary and staff have been given with more security awareness training.