February 13, 2024 at 02:30PM
Integris Health reported a data breach exposing personal information of 2.4 million people to U.S. authorities. The cyberattack threatened to sell stolen data, but did not interrupt services. Data included names, birth dates, contact and demographic info, and SSNs, but not employment, financial, or login details. The ransom deadline has passed.
Based on the meeting notes, here are the key takeaways:
– Integris Health suffered a data breach in November 2023 affecting almost 2.4 million people.
– The breach involved personal information such as full names, dates of birth, contact information, demographic information, and Social Security Numbers.
– The cyberattack did not cause any network interruption, allowing Integris Health to continue providing services to patients.
– The threat actor attempted to extort the organization by threatening to sell the stolen data to other cybercriminals if their demands were not met.
– Integris Health has confirmed that the stolen data was not encrypted and the threat actor is selling it on a dark web marketplace.
– The U.S. Department of HHS Office for Civil Rights (OCR) portal shows that 2,385,646 Integris Health patients were impacted.
– Integris Health is notifying affected patients individually and providing them with a FAQ document containing information on the incident and protective steps they can take.
It is important to note that the deadline for the ransom has passed, and it is likely that the stolen data has been sold or shared with other cybercriminals, posing a threat of identity theft and fraud attempts for the affected individuals.