Connect with us

Malware

Integris Health Reveals Massive Data Breach Affecting 2.4 Million Patients: Urgent Update

Integris Health has reported a data breach that impacted 2.4 million patients. The breach was linked to the theft of an employee’s laptop and two hard drives, which contained personal data such as names, addresses, and medical information. Integris has not yet announced any plans to provide identity theft protection to affected patients.

Published

on

A nurse at Integris Health is walking down a hallway, attending to patients.

A Massive Data Breach Hits Oklahoma’s Largest Healthcare Network

Integris Health, Oklahoma’s largest not-for-profit healthcare network, recently revealed the extent of a data breach it suffered last November. The breach exposed the personal information of nearly 2.4 million people, making it a significant incident that demands attention.

Patients Receive Extortion Emails as a Result of the Breach

In December 2023, Integris Health confirmed it had suffered a cyberattack after patients started receiving extortion emails. These emails contained sensitive personal information and threatened that the stolen data would be sold to other cybercriminals unless the healthcare organization met the attacker’s demands by January 5, 2024.

Interestingly, the attackers claimed that their attack did not involve encryption, and they only stole the data. As a result, Integris Health’s network remained functional, allowing them to continue providing services to patients.

Stolen Patient Data Available on the Dark Web

The emails that patients received included accurate information and linked to a website on the Tor network hosting the stolen details. However, access to this information was not free. Visitors could either pay $50 and take the attacker’s word that their details would be removed, or pay $3 to view information belonging to any other impacted individual.

What Kind of Data Was Leaked?

In a recent notification, Integris Health confirmed the types of patient data impacted by the breach:

  • Full name
  • Date of birth
  • Contact information
  • Demographic information
  • Social Security Number (SSN)

Fortunately, the leaked data did not involve employment information, driver’s licenses, account credentials (usernames and passwords), or financial information.

A Dark Web Marketplace and the Number of Affected Patients

The attackers claimed they were selling data for 2.3 million Integris patients on a dark web marketplace. However, the U.S. Department of HHS Office for Civil Rights (OCR) portal now shows that the number of impacted Integris Health patients is actually 2,385,646.

What’s Next for the Affected Patients?

Integris Health says all affected patients will receive individual notifications. They encourage recipients to remain vigilant and report any identity theft or fraud attempts as soon as possible.

The organization has also published an FAQ in the form of a PDF that offers additional information about the incident, its impact on patients, and protective steps they can take.

Be Prepared for the Aftermath

It’s essential to remember that the deadline set by the threat actor for Integris Health to pay a ransom has long passed, meaning the stolen data has likely been sold or shared with other cybercriminals. These criminals could use the information for various scams, phishing, or other types of attacks.

Stay Informed and Stay Protected

As an IT Services expert, we’re here to help you stay informed about cybersecurity threats and offer guidance on how to protect yourself and your organization. Contact us to keep learning more and ensure you’re prepared for the ever-evolving landscape of cybersecurity.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

ALPHV Ransomware Strikes: LoanDepot and Prudential Financial Suffer Devastating Breaches

AlphV ransomware operators claim to have breached loanDepot and Prudential Financial, allegedly exfiltrating sensitive data. Both companies are investigating the incidents, emphasizing the need for strong cybersecurity measures in the finance sector. Learn more about the AlphV ransomware group’s attack methods and the potential impact on these financial institutions.

Published

on

A man in a hoodie with a laptop in front of a city, representing the growing threat of ALPHV Ransomware.

A Recent Cybersecurity Breach: What Happened?

Did you hear about the recent ransomware attack on Prudential Financial and loanDepot? The ALPHV/Blackcat cyber gang has claimed responsibility for these breaches. The two companies were recently added to ALPHV’s dark web leak site, and the cybercriminals have some unsettling plans.

For loanDepot, the attackers plan to sell the stolen data, while for Prudential, they intend to release the data for free after failed negotiations. Let’s take a closer look at the impact of these breaches on the companies and their customers.

loanDepot: Mortgage Lender in Trouble

loanDepot, one of the largest U.S. nonbank retail mortgage lenders, confirmed a ransomware attack on January 8th. At least 16.6 million people had their personal information stolen in this attack. The company has since announced that it will notify those impacted and provide them with free credit monitoring and identity protection services.

Prudential Financial: Employee and Contractor Data Stolen

Prudential Financial, the second-largest life insurance company in the U.S., also fell victim to a network breach. The company revealed that a suspected cybercrime group breached its network on February 4th and stole employee and contractor data. So far, there’s no evidence that customer or client data was also stolen, but an ongoing investigation is assessing the full scope and impact of the incident.

Who’s Behind This?

The ALPHV gang, believed to be a rebrand of the DarkSide and BlackMatter ransomware operations, is responsible for these attacks. You might remember this group from the notorious Colonial Pipeline attack, which led to extensive investigations by law enforcement agencies worldwide. The gang has since gone through two rebrands.

A Call to Action: Stop ALPHV

The U.S. State Department recently announced rewards of up to $10 million for tips that could lead to the identification or location of ALPHV gang leaders. Additionally, a $5 million reward is offered for information on individuals linked to or attempting to participate in ALPHV ransomware attacks.

The FBI has linked the group to over 60 breaches worldwide during its first four months of activity. They estimate that ALPHV has raked in at least $300 million in ransom payments from over 1,000 victims until September 2023.

What Can We Learn From This?

These recent breaches serve as a stark reminder of the importance of cybersecurity for businesses and individuals alike. The threats posed by cybercriminals are ever-evolving, and staying informed is key to protecting yourself and your data.

At IT Services, we’re committed to keeping you updated on the latest cybersecurity news and helping you stay protected. Don’t hesitate to contact us for guidance and support. And remember, keep coming back to learn more about how to stay safe in the digital world!

Continue Reading

Malware

Bank of America Alerts Clients of Data Breach Following Devastating Vendor Hack

Bank of America (BoA) has issued a data breach warning to customers after a third-party vendor suffered a cyber attack. BoA disclosed that customers’ Paycheck Protection Program (PPP) loan application data was exposed, including contact information and Social Security numbers. BoA is offering free identity theft protection services to affected customers.

Published

on

A Bank of America sign against a backdrop of a blue sky.

Bank of America warns customers of data breach

Imagine you’re settling in for the evening, ready to unwind after a long day at work, and you receive an email from your bank. The subject line reads “Important: Data Breach Notification.” Your heart sinks. What’s going on? Well, that’s the situation many Bank of America customers are currently facing after the bank recently warned them of a data breach that exposed their personal information due to a service provider getting hacked last year.

The exposed data includes names, addresses, social security numbers, dates of birth, and financial information, such as account and credit card numbers. While the exact number of affected customers remains undisclosed, Infosys McCamish Systems (IMS), the vendor whose systems were compromised, reported that 57,028 individuals had their data exposed in the incident. To put this into perspective, Bank of America serves approximately 69 million clients across the globe.

How did this happen?

IMS, a subsidiary of IT consulting giant Infosys, experienced a cybersecurity event in early November 2023 when an unauthorized third party accessed its systems. This resulted in the non-availability of certain IMS applications, and on November 24, IMS informed Bank of America that data concerning deferred compensation plans serviced by the bank may have been compromised. It’s essential to note that Bank of America’s own systems were not breached in this incident.

Unfortunately, it is unlikely that we’ll ever know for sure what personal information was accessed during this breach at IMS.

The LockBit ransomware attack on IMS

So who’s behind this attack? The LockBit ransomware gang claimed responsibility for the IMS breach, stating that its operators encrypted over 2,000 systems during the attack. Since its emergence in September 2019, the LockBit ransomware-as-a-service (RaaS) operation has targeted many high-profile organizations.

In June, cybersecurity authorities in the United States and partners worldwide released a joint advisory estimating that the LockBit gang has extorted at least $91 million from U.S. organizations following roughly 1,700 attacks since 2020.

What’s next?

As a Bank of America customer, or any bank customer for that matter, you might be wondering what you can do to protect yourself from such incidents in the future. While the banks and their service providers should take the utmost precautions to safeguard your data, there’s no harm in taking some steps on your own to ensure your information remains secure.

Regularly monitor your account statements for any suspicious activity, strengthen your passwords, and be cautious about sharing personal information online. You can also consider using credit monitoring services to stay informed about any potential identity theft threats.

Stay informed and stay protected

At IT Services, we understand how important it is to stay updated on the latest cybersecurity threats and best practices. That’s why we’re committed to keeping you informed and providing expert advice to help keep your personal data secure.

So why not stay connected with us? Together, we can navigate the ever-evolving cybersecurity landscape and work towards a more secure digital future. Contact us or keep coming back to learn more about how you can protect yourself and your data from cyber threats.

Continue Reading

Malware

FCC Demands Telecom Providers to Reveal PII Data Breaches within 30 Days: A Bold Move for Enhanced Security

The Federal Communications Commission (FCC) has ordered telecom carriers to report data breaches involving personally identifiable information (PII) within 30 days. The ruling aims to protect consumers and businesses from fraud and identity theft, ensuring the telecom industry adheres to the same data breach reporting standards as other sectors.

Published

on

Continue Reading

Trending

Copyright © 2023 IT Services Network.