US Healthcare Firm Loses 22GB of Data

Uploaded on 2024-09-17 in FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

US company Kootenai Health has explained that a significant cyber security attack hitting over 464k patients personal information was stolen and leaked by the 3AM ransomware hackers. 

Kootenai Health is a not-for-profit healthcare provider in the northern US State of Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopaedics.

Now the threat group which calls itself 3AM ransomware has  leaked about 22 gigabytes of data stolen from Kootenai Health. This compromised the personal and protected health information (PHI) of 464,088 individuals, including patients, employees, and their dependents. 

In a filing with the Office of Maine Attorney General, Kootenai Health said that on March 2, it identified unauthorised activities in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. “The investigation revealed that an unknown actor may have gained unauthorised access to certain data from the Kootenai Health network on or about February 22, 2024,” the healthcare provider said.

The compromised data included names, dates of birth, Social Security numbers, driver’s licence or government-issued identification numbers, medical record numbers, medical treatment and condition information, medical diagnoses, medication information, and health insurance information.

Kootenai Health’s filing with the Maine state regulator also revealed that at least 464,088 individuals were impacted by the data security incident. While the healthcare provider did not name who was behind the cyber security incident, a group of threat actors going by the name “3AM ransomware” has claimed responsibility for the data security incident and listed Kootenai Health as a victim on its data leak site.  

The healthcare firm said that after it discovered the incident, it “implemented additional security features to reduce the risk of a similar incident occurring in the future,” notified the FBI, and said it will provide the authorities with all the information necessary to identify the hackers. 

Kootenai Health has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.    

TEISS   |   Bleeping Computer    |    HIPAA Journal  |    Paubox   |   SCMagazine   |  Cyber Times

Image: Ayush Kumar

You Might Also Read: 

MediSecure Hack - Half The Australian Population Affected:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« Space: The Last Cybersecurity Frontier?
Iran Pays $Mulitmillion Ransom To Protect Its Banks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.