Integris Well being sufferers in Oklahoma are receiving blackmail emails stating that their knowledge was stolen in a cyberattack on the healthcare community, and if they didn’t pay an extortion demand, the info can be bought to different risk actors.
Integris Well being is Oklahoma’s largest not-for-profit well being community, working hospitals, clinics, and pressing care all through the state.
The healthcare community confirmed they suffered a cyberattack in November that led to the theft of affected person knowledge.
“INTEGRIS Well being found potential unauthorized exercise on sure techniques,” reads a knowledge privateness discover on Integris Well being’s web site.
“Upon changing into conscious of the suspicious exercise, INTEGRIS Well being promptly took steps to safe the surroundings and commenced an investigation into the character and scope of the exercise.”
“The investigation decided that sure information could have been accessed by an unauthorized occasion on November 28, 2023.”
BleepingComputer has contacted Integris Well being with questions in regards to the assault however has not acquired a response.
Integris Well being sufferers extorted
In extortion emails despatched to sufferers on December twenty fourth, the hackers declare they stole the private knowledge of over 2 million sufferers within the cyberattack on Integris Well being.
This knowledge allegedly contains Social Safety Numbers, dates of beginning, addresses, cellphone numbers, insurance coverage data, and employer data.
BleepingComputer was instructed by sufferers of Integris Well being that these emails contained correct private data, confirming that affected person knowledge was stolen within the assault.
“Now we have contacted Integris Well being, however they refuse to resolve this challenge,” reads the extortion e mail despatched to Integris sufferers.
“We provide the alternative to take away your private knowledge from our databases earlier than we promote all the database to knowledge brokers on Jan 5 2024.”
The emails embody a hyperlink to a Tor extortion web site that at present lists the stolen knowledge for about 4,674,000 folks, together with their names, Social Safety Numbers, dates of beginning, and details about hospital visits.
Supply: BleepingComputer
The web site comprises knowledge added between October nineteenth and December twenty fourth, 2023, permitting guests to pay $50 to delete the info file or $3 to view it.
BleepingComputer has decided that the web site has roughly 4,674,000 knowledge information. Nonetheless, it’s unclear if any are duplicates.
Integris Well being is conscious of the emails despatched to sufferers and has up to date its safety discover to warn recipients to not reply, contact the sender, or click on on any of the hyperlinks within the e mail.
Whereas it’s not recognized who’s behind the assault on Integris Well being, comparable emails had been despatched to Fred Hutchinson Most cancers Middle (Fred Hutch) sufferers after the Hunters Worldwide ransomware gang breached the hospital.
The Fred Hutch emails additionally allowed sufferers to go to a darkish web site and delete their knowledge by paying $50, making it possible that the identical ransomware assault is behind the assault on Integris Well being.
As risk actors can use the uncovered knowledge to conduct id theft, some sufferers could also be tempted to pay to delete the info.
Nonetheless, as earlier extortion calls for have proven, paying a ransom doesn’t all the time result in the precise deletion of knowledge.
Moreover, when you pay a ransom, the risk actors know you’re involved in regards to the knowledge and should try to extort you additional.
