US Healthcare Firm Loses 22GB of Data

Uploaded on 2024-09-17 in FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

US company Kootenai Health has explained that a significant cyber security attack hitting over 464k patients personal information was stolen and leaked by the 3AM ransomware hackers. 

Kootenai Health is a not-for-profit healthcare provider in the northern US State of Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopaedics.

Now the threat group which calls itself 3AM ransomware has  leaked about 22 gigabytes of data stolen from Kootenai Health. This compromised the personal and protected health information (PHI) of 464,088 individuals, including patients, employees, and their dependents. 

In a filing with the Office of Maine Attorney General, Kootenai Health said that on March 2, it identified unauthorised activities in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. “The investigation revealed that an unknown actor may have gained unauthorised access to certain data from the Kootenai Health network on or about February 22, 2024,” the healthcare provider said.

The compromised data included names, dates of birth, Social Security numbers, driver’s licence or government-issued identification numbers, medical record numbers, medical treatment and condition information, medical diagnoses, medication information, and health insurance information.

Kootenai Health’s filing with the Maine state regulator also revealed that at least 464,088 individuals were impacted by the data security incident. While the healthcare provider did not name who was behind the cyber security incident, a group of threat actors going by the name “3AM ransomware” has claimed responsibility for the data security incident and listed Kootenai Health as a victim on its data leak site.  

The healthcare firm said that after it discovered the incident, it “implemented additional security features to reduce the risk of a similar incident occurring in the future,” notified the FBI, and said it will provide the authorities with all the information necessary to identify the hackers. 

Kootenai Health has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.    

TEISS   |   Bleeping Computer    |    HIPAA Journal  |    Paubox   |   SCMagazine   |  Cyber Times

Image: Ayush Kumar

You Might Also Read: 

MediSecure Hack - Half The Australian Population Affected:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« Space: The Last Cybersecurity Frontier?
Iran Pays $Mulitmillion Ransom To Protect Its Banks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

Saepio Solutions

Saepio Solutions

Saepio promote an all-encompassing approach to cybersecurity, ensuring the appropriate balance of budget and resource across Policy, Product and People.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Net Essence

Net Essence

Net Essence is a Managed IT Services Provider. We deliver effective, reliable and fit-for-purpose IT solutions for SMEs based in the UK.