Integris Health Data Breach, Patients have been notified affecting their data. The biggest nonprofit healthcare system in Oklahoma, Integris Health has begun notifying patients about a data breach that may have compromised their data.
According to Integris Health’s incident notice on its website, the data breach happened at the end of November, but the attack did not affect the healthcare provider’s operations.
Names, contact details, dates of birth, demographic information, and Social Security numbers are among the compromised personal data, according to the organization.
Integris Health states that each person’s personal information may be impacted differently.
According to the healthcare network, payment details, login credentials, and driver’s license numbers have not been impacted by the incident.
“As soon as Integris Health received word of the incident, it moved quickly to look into the whole extent of the problem. Integris Health is taking extra precautions and alerting anyone who might be impacted, in addition to offering guidance on how to safeguard personal data, according to the organization.
The healthcare network warns that a hacking group claiming responsibility for the attack has been sending messages to some of the affected patients.
Integris Health states, “We advise anyone receiving such communications not to reply, not to get in touch with the sender, and not to do any of the instructions, including clicking on any links.”
The attackers threaten to sell the stolen data on the dark web and claim to have taken over two million people’s personal information. Additionally, the hackers are supplying data samples to back up their assertions.
The hacking group is allegedly selling the personal data of millions of people on a website hosted on Tor. But it’s unclear if the hackers are a new threat actor, a rebranding, or connected to any established organizations.
“We are still looking into this incident to find out how much data was affected, as well as who was affected and their contact details. After everything is finished, we will let those who were affected know and offer them free credit monitoring, according to Integris Health.
Email extortion follows a cyberattack on patients of Integris Health
Patients of Integris Health in Oklahoma are getting emails threatening to sell their data to other threat actors if they do not pay an extortion demand, claiming that their data was stolen in a cyberattack on the healthcare network.
Operating hospitals, clinics, and urgent care centers across the state, Integris Health is the largest not-for-profit health network in Oklahoma.
The healthcare network acknowledged that they were the victim of a cyberattack in November that resulted in patient data theft.
A data privacy notice on Integris Health’s website states, “INTEGRIS Health discovered potential unauthorized activity on certain systems.”
“Upon becoming aware of the suspicious activity, INTEGRIS Health promptly took steps to secure the environment and commenced an investigation into the nature and scope of the activity.”
“The investigation determined that an unauthorized party may have accessed certain files on November 28, 2023.”
The hackers claim to have stolen the personal information of over two million patients during the hack on Integris Health in extortion emails sent to patients on December 24.
Allegedly, this data consists of Social Security numbers, dates of birth, addresses, phone numbers, insurance details, and employment details..
Patients at Integris were sent an extortion email that said, “We have contacted Integris Health, but they refuse to resolve this issue.”
“We allow you to remove your data from our databases before we sell the entire database to data brokers on Jan 5, 2024.”
The emails contain a link to a Tor extortion website that at the moment has 4,674,000 people’s names, Social Security numbers, dates of birth, and medical visitation information among its stolen data.
Visitors can pay $50 to view or $50 to delete data records that were added to the website between October 19 and December 24, 2023.
According to BleepingComputer, the website contains about 4,674,000 data records. Whether any are duplicates is unknown, though.
Knowing about the emails sent to patients, Integris Health has revised its security notice to advise recipients not to reply, get in touch with the sender, or click on any of the links within the message.
Similar emails were sent to patients of Fred Hutchinson Cancer Centre (Fred Hutch) following a hack by the Hunters International ransomware gang, though the identity of the attacker behind the attack on Integris Health is unknown.
The Integris Health attack is probably being carried out by the same ransomware attack that was responsible for the Fred Hutch emails, which also gave patients the option to visit a dark website and pay $50 to have their data deleted.
Some patients might be tempted to pay to have the data deleted because threat actors could use it to commit identity theft.
However as prior ransomware demands have demonstrated, data deletion is not always the result of ransom payments.
In addition, the threat actors may try to further extort you after you pay the ransom since they will now know that you are worried about the data.