Oklahoma’s Largest Non-Profit Health System Breached; 2.3 Million Exposures
- By Steven
- Published: Feb 19, 2024
- Last Updated: Feb 21, 2024
INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness. In November 2023, Integris discovered suspicious activity within their network environment; subsequent investigations have confirmed they were the target of a cyberattack that exposed 2,385,646 individuals.
How Did the Attack Occur?
Not much is public about the attack or how the assailants made it happen. Other than the few details listed in the Integris website statement, there is plenty of room for speculation about the events leading up to the breach. According to the statement, an unauthorized actor accessed the environment and began accessing files. There are no indications of ransomware attacks or encryptions, but signs point to possible extortion/phishing consequences associated with this event. Based on reporting, a month after the attack occurred, victims of the event began to receive communications from a group claiming responsibility for the attack. Victims must be cautious when interacting with others online and ignore or delete messages from strangers.
What Information Was Viewed or Stolen?
Based on the published website statement, the compromised data in this event differs between individuals but may primarily come from patients. The data elements exposed in the incident include names, dates of birth, contact information, demographic details, and Social Security Numbers. Moreover, the data compromised lends itself to spear phishing (where cybercriminals target a victim using individual-specific details to gather more data) and extortion (where a criminal can use the stolen details to threaten the victim into cooperation).
How Did Integris Health Admit to the Breach?
The Integris statement gives the earliest date in the timeline as around November 28th, 2023; purportedly, this is the day the unauthorized actor accessed the environment. It is unclear how long they were in the network up to that point and when officials finally discovered the breach. Presumably, officials discovered the threat and immediately removed the actor from the network. Around a month later, on December 24th, some victims began to report that the unauthorized actors were messaging them about the event. In January 2024, officials began notifying the state attorney general’s offices and those impacted by the breach.
What Will Become of the Stolen Information?
The information stolen in this event lends itself to phishing and extortion practices; however, the criminals could also use this data to create fraudulent identity schemes or impersonations. On the one hand, the threat actors contacting victims for further data is good because it indicates their limited options for profiteering from the event. On the other hand, it is terrible because it further threatens victims and displays a willingness to abuse those already impacted.
What Should Affected Parties Do in the Aftermath of the Breach?
The data elements compromised in this event are mainly permanent; Social Security Numbers, demographics, and personal identifiers are challenging to alter. However, contact information may be a strong factor in mitigating the outcomes of this breach. Since the bad actors presumably used stolen contact information to communicate with their victims, those same individuals must consider changing their contact details (i.e., phone number, email address). Victims must be cautious when interacting online with strangers and use vague language to describe themselves and the topics they care about. Victims of this incident will receive their impact notice in the next few weeks, but they don’t need to wait for a notice to start preventing account takeovers.