HQ/EMEAFind out how we can help your business
Patients affiliated with Integris Health in Oklahoma now face cyber threats and extortion after a recent cyberattack on the state’s largest not-for-profit health network.
This breach last month has affected more than 2 million patients since the hackers started leveraging the stolen personal information for their extortion tactics. Based on reports, the attackers are threatening the patients that they will expose their data if they do not comply with their demands.
Integris Health, known for its network of hospitals, clinics, and urgent care facilities, confirmed the cyberattack in a data privacy notice on its website. The notice revealed that their security team detected unauthorised activity on specific systems.
This observation prompted the healthcare institution to secure its environment and initiate an investigation quickly. Unfortunately, this investigation revealed that an unauthorised party may have accessed particular files on November 28, 2023.
Patients under Integris Health started receiving extortion emails a day before Christmas.
Patients affiliated with Integris Health began receiving extortion emails on December 24. The hackers claimed they stole data, such as Social Security Numbers, dates of birth, addresses, phone numbers, insurance information, and employer details. Some patients reported that the emails contained accurate personal information, confirming the severity of the situation.
The extortion emails outlined a demand for payment to prevent the sale or leak of the entire database to data brokers by January 5, 2024. A link in the email redirected the recipients to a Tor extortion site, showing stolen data for approximately 4,674,000 individuals and an option to pay $50 for data deletion or $3 to view it.
On the other hand, Integris Health updated its security notice, warning patients not to respond to extortion emails or click on any attached links. However, the problem persists as patients are anxious about the potential consequences of identity theft.
Therefore, the situation could worsen since victims consider paying hackers to delete their data. Unfortunately, compliance with ransom demands does not guarantee data deletion. Lastly, Integris Health is in a conflict since some victims are willing to pay the hackers while the affected institution has yet to finish its investigation.
