3AM ransomware stole data of 464,000 Kootenai Health patients

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation.

Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region and offering a range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics.

The organization is notifying patients who received care at its facilities that it detected a cyberattack in early March 2024, which disrupted certain IT systems.

An ongoing investigation shows that the cybercriminals gained unauthorized access to Kootenai’s systems on February 22, 2024, allowing the threat actors ten days to roam the network and steal sensitive data.

“On March 2, 2024, Kootenai Health became aware of unusual activity that disrupted access to certain IT systems,” reads the notification submitted to Maine’s AG Office.

“The investigation revealed that an unknown actor may have gained unauthorized access to certain data from the Kootenai Health network on or about February 22, 2024.”

The review of what data was stolen as a result of this breach was concluded on August 1, confirming the following as exposed:

  • Full names
  • Dates of birth
  • Social Security numbers (SSNs)
  • Driver’s licenses
  • Government ID numbers
  • Medical record numbers
  • Medical treatment and condition information
  • Medical diagnoses
  • Health insurance information

Kootenai Health states that it is unaware of any misuse of the stolen information. It also enclosed instructions for impacted individuals to enroll in 12-24 months of identity protection services, depending on what data was exposed.

Patients can also visit the hospital’s announcement published on the Kootenai Health website for more information and support links.

3AM ransomware leaks the data

The 3AM ransomware gang has claimed responsibility for the attack and leaked stolen data on its darknet portal, indicating that a ransom was not paid.

The stolen data consists of a 22GB archive, available for free, allowing any other cybercriminal to download the data and use it in further attacks.

Kootenai Health data leaked on the 3AM extortion portal
Source: BleepingComputer

3AM is a Rust-based ransomware strain first reported in September 2023, seeing limited deployment as a fallback option for when more proven lockers failed.

In January, Intrinsec analysts reported seeing notable links between 3AM, Conti, and the Royal ransomware gangs, suggesting some affiliation between the three gangs.
