Kootenai Health has confirmed a data breach on its systems that affected 464,000 patients. According to reports, the 3AM ransomware group was behind the attack, in which patients’ personal information was stolen and then leaked.
The company has also started sending notification letters to patients who received care at its institutions. The notice states that the company discovered a cyberattack in early March 2024 that damaged some parts of its IT systems.
Further investigation revealed that the cybercriminals gained unauthorised access to the healthcare institution’s computers on February 22, 2024. This allowed them to move through the compromised systems for ten days without raising alerts and to collect important information.
In addition, the organisation’s filing with the Maine Attorney General’s Office states that on March 2, 2024, it became aware of suspicious activity that blocked access to various IT systems. The investigation indicated that an unauthorised party may have gained access to specific data on the Kootenai Health network on or around February 22, 2024.
3AM ransomware acquired various data after attacking Kootenai Health.
The data confirmed as stolen from Kootenai Health by the 3AM ransomware group includes full names, dates of birth, Social Security numbers, driver’s licenses, government ID numbers, medical record numbers, medical treatment and condition information, medical diagnoses, and health insurance information.
However, Kootenai Health stated that it has yet to discover any misuse of the stolen information. Its notification letters also include directions for impacted individuals to sign up for one-year or two-year identity protection services, based on the data disclosed.
Meanwhile, the 3AM ransomware gang claimed responsibility for the attack and released the stolen data on its dark web page. This move by the threat actor implies that no ransom was paid.
The leaked material consists of a 22GB archive that is free to download, so other malicious actors can obtain it and use it in further cybercriminal operations, such as phishing and identity theft. Potentially affected patients should therefore be more cautious when engaging with unsolicited communications, since other threat groups that have downloaded the exposed data could target them.