On December 24, Integris Health of Oklahoma started contacting patients about a cyberattack on November 28. The unnamed threat actors did not encrypt any of the health system’s files, but Integris learned that patients were being contacted directly by threat actors.
Integris has posted a notice with updates and an FAQ to help inform those affected. Integris is Oklahoma’s largest not-for-profit and Oklahoma-owned health care system, with hospitals, specialty clinics, family care practices, and centers of excellence.
According to their notice, after Integris became aware of suspicious activity in their system, they took steps to secure the environment and started an investigation. The investigation determined unauthorized access to some files occurred on November 28, 2023. On December 24, Integris learned that patients began receiving communications from a group claiming responsibility for the unauthorized access.
“We encourage anyone receiving such communications to NOT respond or contact the sender, or follow any of the instructions, including accessing any links,” Integris advised in its December 24 notice.
The personal information potentially affected varied by individual but might include name, date of birth, contact information, demographic information, and/or Social Security number.
DataBreaches commends Integris for quickly sending out alerts to patients the same day they learned that threat actors were contacting patients directly.
Update: Bleeping Computer has additional details about the extortion attempts involving patients and a Tor leak site with the patient data available for viewing or buying. Earlier today, DataBreaches was sent a link to the same Tor site, but did not attempt to verify that the data displayed was real patient data. It is not clear who the group is, as the name is either a re-brand or some new group or affiliate going solo. This post will be updated when more information becomes available.