MultiCare Announces Breach That Could Impact Over 18,000 Patients' Health Data and Records


A hacker recently obtained unauthorized access to over 18,000 former MultiCare Health System patients' private information, according to a Wednesday press release.

Avamere Health Services, an Oregon-based health group and MultiCare business partner, announced on its website that it discovered a data breach last July. It said the unauthorized user gained access to and possibly deleted the information of patients who received services between September 2016 and November 2021. The website lists dozens of hospitals and health systems impacted by the hack, including MultiCare.

In MultiCare's release, spokesperson Lori Meyers wrote that as many as 18,615 MultiCare patients' medical conditions, service dates and provider names were at risk from the data breach. The Health Insurance Portability and Accountability Act (HIPAA), a federal regulation that protects individuals' health information, prohibits health care providers from sharing such information, and requires agencies like MultiCare and Avemere to protect it.

In an email to The News Tribune, Meyers wrote that the MultiCare patients impacted used the Connected Care Network, a subsidiary of the health system. The release states that if the health information of a patient was compromised, Avamere will reach out directly to affected patients.

Avamere's website said it will provide free credit monitoring services to anyone impacted by the hack, although it did not indicate financial data had been stolen in the incident.

MultiCare is one of the largest hospital systems in Pierce County. It maintains the two largest hospitals in the county: Tacoma General/Allenmore and Good Samaritan hospitals. It also runs Mary Bridge, the main children's hospital in the region, and Capital Medical Center, a major healthcare facility in Olympia.