Integris Health patients in Oklahoma are receiving blackmail emails stating that their data was stolen in a cyberattack on the healthcare network and that, if they do not pay an extortion demand, the data will be sold to other threat actors.
Integris Health is Oklahoma's largest not-for-profit health network, operating hospitals, clinics, and urgent care throughout the state.
The healthcare network confirmed that it suffered a cyberattack in November that led to the theft of patient data.
BleepingComputer has contacted Integris Health with questions about the attack but has not received a response.
In extortion emails sent to patients on December 24th, the hackers claim they stole the personal data of over 2 million patients in the cyberattack on Integris Health.
This data allegedly includes Social Security Numbers, dates of birth, addresses, phone numbers, insurance information, and employer information.
BleepingComputer was told by patients of Integris Health that these emails contained accurate personal information, confirming that patient data was stolen in the attack.
The emails include a link to a Tor extortion site that currently lists the stolen data for approximately 4,674,000 people, including their names, Social Security Numbers, dates of birth, and information about hospital visits.
The website contains data added between October 19th and December 24th, 2023, and allows visitors to pay $50 to delete a data record or $3 to view it.
BleepingComputer has determined that the website has approximately 4,674,000 data records.
Integris Health is aware of the emails sent to patients and has updated its security notice to warn recipients not to respond, contact the sender, or click on any of the links in the email.
While it is not known who is behind the attack on Integris Health, similar emails were sent to Fred Hutchinson Cancer Center patients after the Hunters International ransomware gang breached the hospital.
The Fred Hutch emails also allowed patients to visit a dark web site and delete their data by paying $50, making it likely that the same ransomware gang is behind the attack on Integris Health.
As threat actors can use the exposed data to conduct identity theft, some patients may be tempted to pay to delete the data.
However, as previous extortion demands have shown, paying a ransom does not always lead to the actual deletion of data.
Once you pay a ransom, the threat actors know you are concerned about the data and may attempt to extort you further.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 26 Dec 2023 20:05:39 +0000