Amazon’s company hit by data breach claims: hackers issue last warning


One Medical, Amazon's healthcare bet, has just landed in the crosshairs of one of the internet's most prolific extortion gangs, which claims to have stolen 8.8TB of data from the company.

Key takeaways:

ShinyHunters claims to have stolen more than 8.8 terabytes of data from the US healthcare provider, which operates over 250 clinics across 19 major cities.

The listing was recently published on the gang's data leak site on the dark web. The threat actors issued what they describe as a "final warning" to the company.

One Medical has until June 22nd to start negotiations before the group allegedly releases the stolen information.

So far, the attackers have not published any samples of the allegedly exfiltrated data, making it impossible to determine what type of information may be involved.

However, given the services that One Medical provides, the stolen information could include sensitive medical data and other personally identifiable information (PII) of patients. PII, paired with medical information, is a goldmine for scammers and cybercriminals. Such data could be exploited for identity theft, highly convincing and targeted phishing campaigns, and social engineering attacks.

Cybernews has reached out to One Medical for comment and will update this article when a response is received.

What is One Medical?

Founded in 2007, One Medical is a membership-based primary healthcare provider. The company offers both in-person and virtual care services and serves over 830,000 patients.

In 2023, Amazon acquired One Medical for approximately $3.9 billion, significantly expanding its healthcare footprint.

Who are ShinyHunters?

ShinyHunters has been in the headlines for targeting high-profile victims. The group has been linked to numerous breaches and relies on stealing data from its victims and leaking it, a strategy distinct from simply encrypting the data for a ransom.

The primarily English-speaking extortion group is known for many devastating attacks. Just recently, the gang listed many well-known companies on their leak site, claiming JCPenney, Kodak, BCD Travel, Infinite Campus, and Sysco.

This year, the gang hit Dutch telecommunications giant Odido and the European Commission. The gang is also behind attacks on Cisco Systems, the GTA creators Rockstar Games, and US investment advisory firms Mercer Advisors and Beacon Pointe Advisors.