Imagine you’re a patient in Oklahoma, and you receive an email saying your personal data was stolen during a cyberattack on the healthcare network you’re part of. The email goes on to say that if you don’t pay up, this stolen information will be sold to other criminals. This is precisely what’s happening to patients of Integris Health, Oklahoma’s largest not-for-profit health network.
Integris Health confirmed that they suffered a cyberattack in November, leading to the theft of patient data. Since then, patients have been receiving blackmail emails threatening to sell their stolen data if they don’t pay an extortion demand.
The Extortion Emails
On December 24th, hackers sent out emails to Integris Health patients, claiming they had stolen the personal data of over 2 million patients. This data allegedly includes Social Security Numbers, dates of birth, addresses, phone numbers, insurance information, and employer information. Patients have confirmed that these emails contain accurate personal details, which means that their data was indeed stolen during the attack.
The extortion emails state that the hackers have already contacted Integris Health, but the healthcare network has refused to resolve the issue. The emails then offer patients the “opportunity” to remove their personal data from the hackers’ databases before it’s sold to data brokers on January 5th, 2024.
The Tor Extortion Site
These emails include a link to a Tor extortion site that currently lists the stolen data for approximately 4,674,000 people. Visitors to this site can pay $50 to delete their data record or $3 to view it. While we have determined that the site has around 4,674,000 records, it’s unclear whether there are any duplicates among them.
Integris Health is aware of these emails sent to patients and has updated its security notice to warn recipients not to respond, contact the sender, or click on any of the links in the email.
A Familiar Pattern
While the attackers behind the Integris Health incident remain unknown, similar emails were sent to patients of the Fred Hutchinson Cancer Center (Fred Hutch) after the Hunters International ransomware gang breached the hospital. The Fred Hutch emails also directed patients to a dark web site where they could pay $50 to delete their data. This suggests that the same ransomware attack could be behind the Integris Health incident.
To Pay or Not to Pay?
With the exposed data potentially being used for identity theft, some patients might be tempted to pay the ransom to remove their data. However, as past extortion demands have shown, paying a ransom doesn’t always guarantee that the data will be deleted. Moreover, once you pay a ransom, the attackers know you’re concerned about the data and might attempt to extort you further.
Don’t Let This Happen to Your Business
If there’s one takeaway from this story, it’s that every business, regardless of its size, needs to prioritize cybersecurity. The consequences of a breach can be devastating, not just for the business itself, but for the individuals whose personal information is exposed.
At ZZ Servers, we understand the importance of protecting your business from cyber threats. We offer comprehensive IT services to safeguard your data and help you maintain compliance with industry regulations. Don’t wait until it’s too late—reach out to us today to learn how we can assist you in securing your business’s digital assets.
