Integris Well being has reported to U.S. government that the knowledge breach it suffered remaining November uncovered private data belonging to just about 2.4 million other folks.
The group is Oklahoma’s greatest not-for-profit healthcare community, working hospitals, clinics, and emergency care gadgets around the state.
On December 26, 2023, the group showed it suffered a cyberattack after sufferers began receiving extortion emails informing that their delicate private data. Until Integris Well being met the attacker’s calls for, the stolen information would be offered to different cybercriminals on January 5, 2024.
The danger actor advised BleepingComputer that their assault didn’t contain encryption they usually handiest stole the knowledge.
This didn’t purpose any community interruption and allowed Integris Well being to stay offering its products and services to sufferers.
The emails the sufferers won from the danger actor contained correct data and related to a web page within the Tor community website hosting the stolen main points, however get entry to used to be no longer unfastened.
Guests may just pay $50 and accept as true with the attacker’s phrase on doing away with the main points, or pay $3 to view data belonging to another impacted person.
Integris printed remaining week a notification confirming that the incident impacted affected person information, which integrated the next main points:
- Complete title
- Date of beginning
- Touch data
- Demographic data
- Social Safety Quantity (SSN)
The group clarified that the leaked information didn’t contain employment data, driving force’s licenses, account credentials (usernames and passwords), or monetary data.
Chatting with BleepingComputer, the danger actor mentioned that they’re promoting on a gloomy internet market information for two.3 million Integris sufferers (in line with the choice of social safety numbers within the database).
In a brand new access these days, the U.S. Division of HHS Administrative center for Civil Rights (OCR) portal presentations that the choice of impacted Integris Well being sufferers is 2,385,646.
Integris Well being says all affected sufferers will obtain person notifications, and recipients will have to stay vigilant to identify and record id robbery and fraud makes an attempt early.
The group has printed a FAQ within the type of a PDF the place sufferers can in finding some additional info in regards to the incident, the way it affects them, and what protecting steps they may be able to take.
It’s value noting that the closing date the danger actor set for Integris Well being to pay a ransom has lengthy handed and it is rather most probably that the stolen information has been offered or percentage with different cybercriminals, who may just use it for more than a few scams, phishing, or different forms of assaults.
