Oklahoma-based Integris Health had data from more than 2 million patients claimed to be stolen in a cyberattack last month, reports KWTV-TV.
In an email sent to individuals impacted by the incident, threat actors admitted exfiltrating birthdates, addresses, phone numbers, and Social Security numbers, as well as insurance and employer details, which they threatened to sell on the dark web while providing a sample of the stolen data.
"We have contacted Integris Health, but they refuse to resolve this issue. We give you the opportunity to remove your personal data from our databases before we sell the entire database to data brokers on Jan. 5, 2024," said the hackers.
Integris Health has already confirmed that some parts of its patient data-storing network were infiltrated.
"Upon becoming aware of the activity, INTEGRIS Health promptly took steps to secure the environment and commenced an investigation into the nature and scope of the activity. There was no interruption to any services as a result of this event, and INTEGRIS Health remains fully operational," Integris Health said.