Kootenai Well being has disclosed a data breach impacting over 464,000 sufferers after their private info was stolen and leaked by the 3AM ransomware operation.
Kootenai Well being is a not-for-profit healthcare supplier in Idaho, working the most important hospital within the area, providing a variety of medical companies, together with emergency care, surgical procedure, most cancers therapy, cardiac care, and orthopedics.
The group is notifying sufferers who obtained care at its amenities that it detected a cyberattack in early March 2024, which disrupted sure IT programs.
An ongoing investigation exhibits that the cybercriminals gained unauthorized entry to Kootenai’s programs on February 22, 2024, permitting the risk actors ten days to roam the community and steal delicate information.
“On March 2, 2024, Kootenai Well being turned conscious of bizarre exercise that disrupted entry to sure IT programs,” reads the notification submitted to Maine’s AG Workplace.
“The investigation revealed that an unknown actor could have gained unauthorized entry to sure information from the Kootenai Well being community on or about February 22, 2024.”
The examination of what information has been stolen because of this breach was concluded on August 1, confirming the next as uncovered:
- Full names
- Dates of start
- Social Safety numbers (SSNs)
- Driver’s Licenses
- Authorities ID numbers
- Medical file numbers
- Medical therapy and situation info
- Medical diagnoses
- Medical health insurance info
Kootenai Well being states that it is unaware of any misuse of the stolen info. It additionally enclosed directions for impacted people to enroll in 12-24 months of identification safety companies, relying on what information was uncovered.
Sufferers may additionally go to the hospital’s announcement revealed on the Kootenai Well being web site for extra info and assist hyperlinks.
3AM ransomware leaks the info
The 3AM ransomware gang has claimed duty for the assault and leaked stolen information on its darknet portal, indicating {that a} ransom was not paid.
The stolen information consists of a 22GB archive, obtainable without spending a dime, permitting every other cybercriminal to obtain the info and put it to use in additional assaults.
Supply: BleepingComputer
3AM is a Rust-based ransomware pressure first reported in September 2023, seeing restricted deployment as a fallback choice for when extra confirmed lockers failed.
In January, Intrisec analysts reported seeing notable hyperlinks between 3AM, Conti, and the Royal ransomware gangs, suggesting some affiliation between the three gangs.
