DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Oklahoma City Indian Clinic impacted by Suncrypt’s ransomware attack

Posted on March 28, 2022 by Dissent

The Oklahoma City Indian Clinic (OKCIC) serves 20,000 patients from more than 200 different Native American tribes. A note on their website and their Twitter account currently apologizes that due to technological issues, the pharmacy automatic refill line and mail order services will be down for an indeterminate amount of time.

March 21 Tweet
A March 21 tweet asks patients to call the pharmacy if they need refills and to have all their information available.

The home page of their website now reads:

Oklahoma City Indian Clinic recently experienced a network disruption that is impacting our ability to access certain computer systems. We immediately began an internal review and are actively working with our IT staff and third-party specialists towards a resolution. We will keep our community updated as we learn more information.  Please visit our website and social media accounts (Facebook, Twitter and Instagram) for updates.

The explanation for the “technological issues” appears to be a ransomware attack by Suncrypt, who have added the clinic to their dedicated leak site. Suncrypt claims that they have acquired 350GB+ of files including electronic health records databases and financial documents.

“We will be publishing full leak if we do not reach a negotiation soon,” Suncrypt threatens. As proof of claim, they provide two small archives of files, including a filetree.

The Suncrypt ransomware group was first observed in October, 2019, and there was a long gap in their public appearances this past year. They have recently re-emerged and started updating their dark web leak site.  Their notice to Press now reads:

The Suncrypt group is a huge fan of a Win-Win style of negotiations and the minimal damage policy, but we are forced to release the data of the entities that preferred not to cooperate.

The management of this companies decided that we are not releasing the data for long period due to technical or some other reasons.
The 10% of the data for each company will be posted within the next 72 hours.

The exfiltrated information is sold only in one hands. So its a great chance to get your info back.

If the lot wasn’t bought out within a week it is posted for free. Stay tuned !

Use the messaging system to arrange a press release interview or to buy out the data you liked.

Suncrypt’s attack on OKCIC directly contradicts a statement they made to this site in September, 2020 that this site reported at the time. After initially attacking a medical entity, they had removed the entity from their leak site and told DataBreaches.net that they had carefully avoided ever locking up life support systems or interfering with any hospital operations.

“We were aiming for the data,” the spokesperson stated, adding,

We don’t play with people’s lives. And no further attacks will be carried against medical organizations even in this soft way.

So why have they attacked OKCIC when they are impacting people’s healthcare and lives?

From OKCIC’s website:

Central Oklahoma American Indian Health Council, Inc. dba Oklahoma City Indian Clinic (OKCIC) is a 501(c)(3) nonprofit corporation that strives to increase access to quality health care and wellness services and produce positive health care outcomes for urban American Indians living in central Oklahoma.

OKCIC is a contractor of the (federal) Indian Health Service.

Let me stress the above: OKCIC is a nonprofit corporation dedicated to providing healthcare to those who often struggle to obtain culturally sensitive and quality healthcare due to lack of insurance, lack of providers in certain areas, and overcrowded emergency rooms.

And these are the folks Suncrypt hit?

DataBreaches.net has sent inquiries to both OKCIC and Suncrypt about this incident and will update this post if replies are received.

DataBreaches.net hopes this is simply an error on Suncrypt’s part and they will immediately provide the clinic with decryption help to help them restore health services.

Update March 29: While neither OKCIC nor Suncrypt have responded directly to this site’s inquiries, OKCIC gave a statement to KFOR that includes the following: “While our investigation remains ongoing at this time, we currently do not have evidence of unauthorized access to patient information.”

Related posts:

  • Forbes Breach Email Statistics
  • 1,355 Indian websites Hacked by hax.r00t n saadi Pakistani hackers
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms
Category: Breach IncidentsHealth DataMalware

Post navigation

← IL: Blessing details defenses amid increasing health system cyber-attacks
Four HIPAA Enforcement Actions Hold Healthcare Providers Accountable With Compliance →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.