INTEGRIS Health
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The INTEGRIS Health breach involved unauthorized access to certain files on November 28, 2023, which may have compromised the personal information of patients. The specific types of personal information that were potentially affected include full names, dates of birth, contact information, demographic information, and Social Security numbers[2][3][4][5][6][9][14].
INTEGRIS Health responded to the breach by launching an investigation to determine the nature and scope of the incident. They took immediate action to secure their systems and prevent further unauthorized access. The company posted a notice on their website on December 24, 2023, informing patients of the “data privacy incident” and advising them not to respond to any communications from the group claiming responsibility for the data breach. INTEGRIS Health also encouraged patients to remain vigilant against identity theft or fraud by monitoring their account statements and credit reports[2][3][6][9][14].
The breach reportedly affected nearly 2.4 million patients, making it a significant cybersecurity incident. The organization has faced multiple class-action lawsuits over the breach, with allegations that they failed to implement reasonable security measures to protect patient data and were not transparent about the cyberattack and data breach[2][4][5][6][13][14].
Patients began receiving communications from the threat actor on Christmas Eve, and the perpetrator claimed to have exfiltrated personal data from about 2.2 million patients. The hacker also threatened to sell the stolen data online unless a ransom was paid. INTEGRIS Health began notifying affected individuals on January 5, 2024, approximately 38 days after the breach occurred and after the hacker had already emailed patients[2][6][10].
INTEGRIS Health is offering 24 months of access to free credit monitoring and identity protection services to the victims of the breach. The organization has published a FAQ to provide additional information to the affected individuals and has set up a dedicated email for questions related to the breach[3][5][10].
Citations:
- https://integrisok.com/landing/cyber-event
- https://nondoc.com/2024/02/14/class-action-lawsuit-criticizes-integris-health-cyberattack-response/
- https://www.koco.com/article/oklahoma-integris-health-data-breach/46227897
- https://www.teiss.co.uk/news/integris-health-reports-data-breach-affecting-24-million-patients-13469
- https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/
- https://www.hipaajournal.com/integris-health-data-breach/
- https://www.prnewswire.com/news-releases/console–associates-pc-integris-health-posts-notice-of-possible-data-breach-after-hackers-contact-individual-patients-302023552.html
- https://integrisok.com/notice-of-privacy-practices
- https://www.jdsupra.com/legalnews/integris-reports-possible-data-breach-5086725/
- https://okcfox.com/news/local/integris-health-faces-federal-lawsuits-amid-data-breach-dark-web-extortion-alleged-by-victims-cyber-security-tor-darknet-personal-info-hospital
- https://www.enidnews.com/news/integris-urgers-patients-to-not-respond-to-hackers-demands/article_02aa0b3c-ab43-11ee-83eb-dbc76358f6a9.html
- https://keplersafe.com/integris-health-data-breach-exposes-patients-personal-information/
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/integris-health-class-action-claims-data-breach-affects-2m-patients/
- https://www.securityweek.com/integris-health-data-breach-could-impact-millions/
- https://www.businesswire.com/news/home/20240130727058/en/Oklahoma-City-based-Law-Firm-Federman-Sherwood-Files-First-Two-Data-Breach-Class-Action-Lawsuits-Against-Integris-Health-Inc.
- https://kfor.com/news/local/class-action-lawsuit-filed-against-integris-health-amid-data-breach-concerns/
- https://www.oklahoman.com/story/news/state/2024/02/07/fbi-looking-for-integris-health-data-breach-victims/72496535007/