Illustration: Supimol Kumying | Shutterstock
Idaho-based healthcare company Kootenai Health has disclosed a data breach involving a ransomware attack that has affected more than 460,000 users. The organisation provides healthcare services in northern Idaho and the entire Inland Northwest region.
According to a notice issued by the company on its website, the attack was discovered on March 2 when several of its IT systems were disrupted. An investigation revealed that attackers had had access to the company’s network for over a week. Certain data was extracted on February 22, including personally identifiable (PII) and protected health information (PHI).
The leaked data includes names, dates of birth, Social Security, and driver’s license numbers, among other government-issued ID numbers. Additionally, the attackers extracted medical records, treatment information, diagnosis, health insurance data, and other information.
While Kootenai hasn’t revealed any information about who was behind the attack, ransomware group 3AM has claimed responsibility. The group even uploaded a 22GB archive containing data stolen from the alleged hack on a hard web forum, suggesting the company refused to pay a ransom. Kootenai claims that it is not “aware of any attempt to misuse any of the information potentially involved in this incident.”
In the meantime, the company notified all 464,088 people affected by the breach on August 12. The victims are also receiving 12 months of credit and identity protection services on the company’s behalf. Operationally, Kootenai wasn’t affected by the attack and continued functioning as usual. A copy of the letter has also been submitted to the Maine Attorney General’s Office, and the FBI and other relevant law enforcement agencies have been informed.
In the News: UTG-Q-010 targets cryptocurrency users with phishing attacks