One Medical, the primary care provider acquired by Amazon in 2023, is facing questions after the cybercriminal group ShinyHunters claimed it stole 8.8 terabytes of company data and threatened to publish the information unless negotiations begin by June 22.
The allegation remains unverified, and the group has not released any sample data to support its claims.
However, the threat is notable given One Medical’s scale, serving more than 830,000 patients through a network of clinics and virtual care services across the United States.
The claim also comes just days after One Medical disclosed a separate security incident involving a third-party file storage system used to retain archived information from legacy Iora Health patients. While the company described that event as limited in scope and isolated from other One Medical and Amazon systems, the timing has drawn additional attention to the healthcare provider’s cybersecurity posture.
Why It Matters: Healthcare data is among the most sensitive information organizations hold. If the alleged theft is legitimate, exposed records could potentially contain a combination of medical and personal information that can be exploited for identity theft, fraud, and targeted scams.
- ShinyHunters alleges a major data theft: The extortion group claims it exfiltrated more than 8.8TB of data from One Medical, which serves more than 830,000 patients through over 250 clinics across the United States. The group has threatened to release the data if negotiations do not begin by June 22.
- No public proof has been provided: Despite the severity of the claim, attackers have not released sample files or evidence demonstrating what information was allegedly taken. As a result, the scope and authenticity of the claimed theft remain unverified.
- Patient information could be especially sensitive: If the claim proves legitimate, exposed records could potentially include medical information alongside personal identifiers. Such combinations are particularly valuable to cybercriminals because they can facilitate identity fraud and highly targeted scams.
- One Medical separately confirmed a limited security event: The company disclosed that an unauthorized party accessed a third-party file storage system containing archived Iora Health records. According to One Medical, the incident affected only a limited number of One Medical Seniors and legacy Iora Health patients. One Medical stated that the unauthorized access was confined to the third-party storage environment and did not impact other One Medical or Amazon systems. The company reported that access was revoked immediately, and affected patients are being notified.
- ShinyHunters has a history of high-profile attacks: The group has been linked to breaches involving major organizations across multiple industries, including technology, retail, telecommunications, government institutions, and professional services firms. Its approach often centers on stealing and leaking data rather than relying solely on encryption-based ransomware tactics.
Go Deeper -> Amazon’s company hit by data breach claims: hackers issue last warning – Cybernews
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.
