Integris Well being sufferers in Oklahoma are receiving blackmail emails stating that their knowledge was stolen in a cyberattack on the healthcare community, and if they didn’t pay an extortion demand, the info can be offered to different risk actors.
Integris Well being is Oklahoma’s largest not-for-profit well being community, working hospitals, clinics, and pressing care all through the state.
The healthcare community confirmed they suffered a cyberattack in November that led to the theft of affected person knowledge.
“INTEGRIS Well being found potential unauthorized exercise on sure methods,” reads a knowledge privateness discover on Integris Well being’s web site.
“Upon changing into conscious of the suspicious exercise, INTEGRIS Well being promptly took steps to safe the atmosphere and commenced an investigation into the character and scope of the exercise.”
“The investigation decided that sure recordsdata could have been accessed by an unauthorized occasion on November 28, 2023.”
BleepingComputer has contacted Integris Well being with questions concerning the assault however has not obtained a response.
Integris Well being sufferers extorted
In extortion emails despatched to sufferers on December twenty fourth, the hackers declare they stole the private knowledge of over 2 million sufferers within the cyberattack on Integris Well being.
This knowledge allegedly consists of Social Safety Numbers, dates of beginning, addresses, telephone numbers, insurance coverage info, and employer info.
BleepingComputer was advised by sufferers of Integris Well being that these emails contained correct private info, confirming that affected person knowledge was stolen within the assault.
“We’ve contacted Integris Well being, however they refuse to resolve this problem,” reads the extortion electronic mail despatched to Integris sufferers.
“We provide the alternative to take away your private knowledge from our databases earlier than we promote your complete database to knowledge brokers on Jan 5 2024.”
The emails embrace a hyperlink to a Tor extortion web site that at the moment lists the stolen knowledge for about 4,674,000 folks, together with their names, Social Safety Numbers, dates of beginning, and details about hospital visits.
Supply: BleepingComputer
The web site incorporates knowledge added between October nineteenth and December twenty fourth, 2023, permitting guests to pay $50 to delete the info report or $3 to view it.
BleepingComputer has decided that the web site has roughly 4,674,000 knowledge data. Nonetheless, it’s unclear if any are duplicates.
Integris Well being is conscious of the emails despatched to sufferers and has up to date its security discover to warn recipients to not reply, contact the sender, or click on on any of the hyperlinks within the electronic mail.
Whereas it’s not recognized who’s behind the assault on Integris Well being, comparable emails had been despatched to Fred Hutchinson Most cancers Middle (Fred Hutch) sufferers after the Hunters Worldwide ransomware gang breached the hospital.
The Fred Hutch emails additionally allowed sufferers to go to a darkish web site and delete their knowledge by paying $50, making it seemingly that the identical ransomware assault is behind the assault on Integris Well being.
As risk actors can use the uncovered knowledge to conduct id theft, some sufferers could also be tempted to pay to delete the info.
Nonetheless, as earlier extortion calls for have proven, paying a ransom doesn’t at all times result in the precise deletion of information.
Moreover, when you pay a ransom, the risk actors know you’re involved concerning the knowledge and should try and extort you additional.
