everest attacks MultiCare

Incident Date:

October 15, 2022

World map



everest attacks MultiCare






Puyallup, USA

Washington, USA

First Reported

October 15, 2022

MultiCare Health System Suffers Ransomware Attack, Exposing Employee Data

MultiCare Health System, a not-for-profit healthcare organization based in Washington State, has been targeted by a ransomware group known as Everest. The attack, which occurred in early June 2022, affected a third-party printing vendor, Kaye-Smith, which prints W-2 and 1099 forms for MultiCare. As a result, the names, addresses, and Social Security numbers of a number of current and former MultiCare employees were stolen in the cyberattack.

MultiCare was officially informed of the breach on September 30, 2022, and Kaye-Smith took immediate steps to re-secure the affected data and instituted a monitoring program to search for any exposure of the data involved in this incident. The vendor has seen no evidence that any of the data was or will be made available to the public.

MultiCare, which has been caring for Pacific Northwest communities since 1882, operates 12 hospitals and numerous primary care, urgent care, and specialty services. The organization has more than 20,000 team members, including employees, providers, and volunteers. Despite its size and extensive network of care, MultiCare has been affected by several third-party data breaches in recent years. In early 2022, Avamere Health Services LLC, a third-party entity that provides contracted services to Physicians of Southwest Washington (PSW), a joint venture and business associate of MultiCare, experienced unauthorized access to its network's systems, potentially compromising the data of 18,615 beneficiaries of MultiCare's Bundled Payment for Care Improvement Advanced program.

The ransomware attack on MultiCare highlights the vulnerabilities of healthcare organizations to cyber threats, particularly when they rely on third-party vendors for critical services. It underscores the importance of robust cybersecurity measures and continuous monitoring to protect sensitive information and prevent data breaches.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.