Integris Health, Oklahoma’s largest not-for-profit healthcare network, has informed U.S. authorities that a data breach in November 2023 compromised the personal information of nearly 2.4 million individuals. The healthcare organization, operating hospitals, clinics, and emergency care units statewide, confirmed the cyberattack on December 26, 2023, after patients received extortion emails threatening to sell their sensitive data if Integris Health did not meet the attacker’s demands by January 5, 2024.
The threat actor, as reported by BleepingComputer, claimed that the attack did not involve encryption, and data was the sole target. Despite no network interruptions, Integris Health maintained its services to patients. The extortion emails contained accurate patient information and linked to a Tor network-hosted website where visitors could pay $50 for data removal or $3 to view information of other impacted individuals.
Integris Health disclosed that the compromised patient data included full names, dates of birth, contact information, demographic details, and Social Security Numbers (SSN). Notably, the breach did not expose employment information, driver’s licenses, account credentials, or financial data.
Speaking to BleepingComputer, the threat actor claimed to be selling data for 2.3 million Integris patients on a dark web marketplace, corresponding to the number of SSNs in the database. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) portal now reflects the impact on 2,385,646 Integris Health patients.
Integris Health assured affected patients that they would receive individual notifications and urged them to remain vigilant against identity theft and fraud attempts. The organization released a FAQ in PDF format to provide additional information about the incident, its impact, and recommended protective measures.
Despite the ransom deadline passing, it is likely that the stolen data has been sold or shared among cybercriminals, raising concerns about potential scams, phishing, or other malicious activities targeting the affected individuals. The incident emphasizes the ongoing challenges in securing sensitive healthcare data and highlights the importance of robust cybersecurity measures in the healthcare sector.
