Dark Web Deals: Hackers Peddle Stolen Integris Data, Patients Pay the Price

Patients of Integris Health in Oklahoma are receiving extortion emails claiming that their data was stolen in a cyberattack on the healthcare network and threatening to sell it to other cybercriminals unless a ransom is paid.

Integris Health, the largest non-profit healthcare network in Oklahoma, USA, comprises hospitals, clinics, and emergency care centers throughout the state.

Integris Health confirmed that in November, the company experienced a breach of “certain systems” which led to the theft of patient data.

Upon discovering suspicious activity, INTEGRIS Health promptly took steps to secure its systems and initiated an investigation into the nature and scope of the cyberattack.

In emails sent to patients on December 24, hackers claimed to have stolen personal data of over 2 million patients in the cyberattack on Integris Health.

The stolen data reportedly includes social security numbers, birth dates, addresses, phone numbers, insurance information, and employer details.

Integris Health patients reported that the emails contain accurate personal information, confirming that patient data was indeed stolen in the attack.

“We have contacted Integris Health, but they refuse to resolve this issue,” the email to patients states. “We give you the opportunity to remove your personal data from our databases before we sell the entire database to data brokers on Jan 5 2024.”

[Image: Tor dark web site selling personal data of patients. Source: BleepingComputer]

The emails include a link to a Tor website, listing the stolen data of about 4,674,000 individuals, including their names, social security numbers, birth dates, and hospital visit information.

The website contains data added from October 19 to December 24, 2023. It offers visitors the option to pay $50 to remove a data entry or $3 to view it.

Integris Health is aware of the emails sent to patients and has updated its security notice, advising recipients not to respond, contact the sender, or click on links in the email.

While it is unknown who is behind the Integris Health attack, similar emails were sent to patients of the Fred Hutchinson Cancer Center (Fred Hutch) following a breach by the extortion group Hunters International.

The emails to Fred Hutch patients also provided access to a darknet site to remove their data for $50. This suggests that the same extortion group may be responsible for the attack on Integris Health.