One Medical, the primary care provider acquired by Amazon in 2023, is facing questions after the cybercriminal group ShinyHunters claimed it stole 8.8 terabytes of company data and threatened to publish the information unless negotiations begin by June 22.
The allegation remains unverified, and the group has not released any sample data to support its claims.
However, the threat is notable given One Medical’s role as a national healthcare provider. The company operates a network of clinics and virtual care services across the United States, though the scope of any data potentially affected by the alleged breach remains unclear.
One Medical has disclosed a security incident involving a third-party file storage system used to retain archived information from legacy Iora Health patients. The company said its investigation found that only a limited number of legacy Iora Health and One Medical Seniors patient files were accessed and that no other One Medical or Amazon systems were affected.
Why It Matters: Healthcare data is among the most sensitive information organizations hold. If the alleged theft is legitimate, exposed records could potentially contain a combination of medical and personal information that can be exploited for identity theft, fraud, and targeted scams.
- ShinyHunters alleges a major data theft: The extortion group claims it exfiltrated more than 8.8TB of data from One Medical, which serves over 250 clinics across the United States. The group has threatened to release the data if negotiations do not begin by June 22.
- No public proof has been provided: Despite the severity of the claim, attackers have not released sample files or evidence demonstrating what information was allegedly taken. As a result, the scope and authenticity of the claimed theft remain unverified.
- Patient information could be especially sensitive: If the claim proves legitimate, exposed records could potentially include medical information alongside personal identifiers. Such combinations are particularly valuable to cybercriminals because they can facilitate identity fraud and highly targeted scams.
- One Medical confirmed a limited security event: The company disclosed that an unauthorized party accessed a third-party file storage system containing archived Iora Health records. According to One Medical, the incident affected only a limited number of legacy Iora Health and One Medical Seniors patients, representing a subset of the company’s overall patient population. The company stated that no other One Medical patients were impacted and that the unauthorized access was confined to the third-party storage environment, with no impact on other One Medical or Amazon systems. Access was revoked immediately, and affected patients are being notified.
- ShinyHunters has a history of high-profile attacks: The group has been linked to breaches involving major organizations across multiple industries, including technology, retail, telecommunications, government institutions, and professional services firms. Its approach often centers on stealing and leaking data rather than relying solely on encryption-based ransomware tactics.
Go Deeper -> Amazon’s company hit by data breach claims: hackers issue last warning – Cybernews
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.


