Integris Health Data Breached: Patients Receive Extortion Emails, Data of 2 Million Compromised

Written by Mitchell Langley

December 27, 2023

Integris Health Data Breached: Patients Receive Extortion Emails, Data of 2 Million Compromised

Integris Health, Oklahoma’s largest not-for-profit health network, has recently experienced a cyberattack resulting in the theft of patient data. The Integris Health data breach led to Integris Health patients receiving blackmail emails claiming that their data was compromised and would be sold to other threat actors if an extortion demand was not met.

In response to the Integris Health hacking incident, the healthcare provider swiftly took action to secure their systems and initiated an investigation to understand the extent of the unauthorized activity.

Integris Health Data Breach – Integris Notifies of Breach

The investigation into Integris hospital data breach revealed that certain files may have been accessed by an unauthorized party on November 28, 2023.

The Integris Health published a data privacy notice on their website that reads:

“INTEGRIS Health discovered potential unauthorized activity on certain systems,”

“Upon becoming aware of the suspicious activity, INTEGRIS Health promptly took steps to secure the environment and commenced an investigation into the nature and scope of the activity.”

“The investigation determined that certain files may have been accessed by an unauthorized party on November 28, 2023.”

Integris Health Patients Receive Extortion Emails – Patient Data Breached

According to reports received on December 24th, the hackers behind the Integris Health data breach have sent extortion emails to patients, claiming to have stolen the personal data of over 2 million patients.

The compromised data is said to include sensitive information such as Social Security Numbers, dates of birth, addresses, phone numbers, insurance details, and employer information.

This information has been independently verified by patients who have received these emails, confirming that their personal data was indeed compromised in the Integris Health cyberattack.

The extortion email sent to the patients reads:

“We have contacted Integris Health, but they refuse to resolve this issue,”

“We give you the opportunity to remove your personal data from our databases before we sell the entire database to data brokers on Jan 5 2024.”

Integris Health Data Breach Goes Public on Tor Extortion Site

The perpetrators of the Integris healthcare data breach have included a link to a Tor extortion site in the blackmail emails. This website currently displays stolen data for approximately 4,674,000 individuals, comprising their names, Social Security Numbers, dates of birth, and details of their hospital visits.

The website allows visitors to pay $50 to have their data record deleted or $3 to simply view it. It is important to note that the total number of data records includes duplicates, and the exact count of unique records remains unclear.

Integris Health Data Breach Goes Public on Tor Extortion Site

Integris Health is actively aware of the emails sent to patients and has promptly updated its security notice to caution recipients against responding, contacting the sender, or clicking on any links provided in the email.

Integris is not the first hospital hit with data breach; similar emails were sent to patients of the Fred Hutchinson Cancer Center (Fred Hutch) following a breach by the Hunters International ransomware gang. The similarity between the two cases suggests the possibility of the same ransomware threat actors who were also behind the Integris Health cyber attack.

Considering the potential risk of identity theft resulting from the exposed data, some patients may be tempted to pay the ransom to have their data deleted. However, previous experiences with extortion demands have demonstrated that paying the ransom does not always guarantee the actual deletion of data. Moreover, paying the ransom exposes one’s concern, making them susceptible to further extortion attempts by the threat actors.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!