Explosive 3AM Ransomware Attack Exposes Data of 464,000 Kootenai Health Patients
Cybercriminals have stolen the data of 464,000 Kootenai Health patients in a 3AM ransomware attack. The breach exposed personal and medical information, increasing the risk of identity theft. Kootenai Health is providing free credit monitoring to affected individuals while investigating the incident and bolstering their security measures.
Imagine waking up at 3 AM, feeling restless and uneasy. You check your phone and discover that your personal information has been compromised in a massive data breach. This nightmare became a reality for over 464,000 Kootenai Health patients who had their sensitive data stolen and leaked by the 3AM ransomware operation.
Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the region’s largest hospital and providing a variety of medical services, from emergency care to cancer treatment. Unfortunately, cybercriminals targeted their IT systems, causing disruption and gaining unauthorized access to sensitive patient data.
Timeline of the Cyberattack
In early March 2024, Kootenai Health became aware of unusual activity that disrupted access to certain of its IT systems. The investigation revealed that the cybercriminals gained unauthorized access to the systems on February 22, 2024, giving them ten days to roam the network and steal sensitive data. The review of what data was stolen in the breach concluded on August 1, 2024, and confirmed that the following information was exposed:
- Full names
- Dates of birth
- Social Security numbers (SSNs)
- Driver’s licenses
- Government ID numbers
- Medical record numbers
- Medical treatment and condition information
- Medical diagnoses
- Health insurance information
Kootenai Health states that it’s unaware of any misuse of the stolen information. Impacted individuals have been provided with instructions on how to enroll in 12-24 months of identity protection services, depending on what data was exposed.
For more information and support links, patients can visit the hospital’s announcement published on the Kootenai Health website.
3AM Ransomware: The Culprit Behind the Leak
The 3AM ransomware gang has claimed responsibility for the attack and leaked the stolen data on its darknet portal, indicating that a ransom was not paid. The stolen data consists of a 22GB archive, available for free, allowing any other cybercriminal to download the data and utilize it in further attacks.
First reported in September 2023, 3AM is a Rust-based ransomware strain that has seen limited deployment as a fallback option when more proven lockers failed. In January, Intrinsec analysts reported notable links between 3AM, Conti, and the Royal ransomware gang, suggesting some association between the three groups.
Protect Yourself and Stay Informed
It’s essential to keep up-to-date on cybersecurity news and threats, especially if you’ve been affected by a data breach like the one at Kootenai Health. We’re here to help you navigate the ever-changing landscape of cyber threats and provide you with the information you need to protect yourself and your data.