Integris Health

In November 2023, Integris Health, an Oklahoma-based healthcare system, suffered a massive data breach exposing over 2 million patients' sensitive information, including Social Security Numbers, dates of birth, addresses, phone numbers, insurance details, and employer data. Cybercriminals, operating under the alias DataLeakege, stole the data and began directly extorting victims, demanding $50 per person to prevent the sale of their information on the darknet for fraud and identity theft. The breach stemmed from negligent data security practices, with plaintiffs alleging Integris failed to protect patient records or attempt to recover the stolen data. Victims faced imminent fraud and identity theft risks, prompting a $30 million class-action settlement offering three years of credit monitoring, $1M in identity theft insurance, and up to $25,000 in reimbursements for breach-related expenses. Integris denied wrongdoing but acknowledged the incident, later enhancing security policies to prevent future breaches.

Source: https://www.newsweek.com/integris-health-agrees-to-30-million-settlement-over-2023-data-breach-access-health-10883504

TPRM report: https://www.rankiteo.com/company/integris-health

"id": "int5992459101525",
"linkid": "integris-health",
"type": "Breach",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Over 2 million individuals',
                        'industry': 'Healthcare',
                        'location': 'Oklahoma, USA',
                        'name': 'Integris Health',
                        'type': 'Health System'}],
 'customer_advisories': 'Victims advised not to respond to extortion emails, '
                        'to monitor credit reports, and to submit claims for '
                        'settlement benefits by December 22, 2025.',
 'data_breach': {'data_exfiltration': 'Yes (data stolen and threatened to be '
                                      'sold on the darknet)',
                 'number_of_records_exposed': 'Over 2 million',
                 'personally_identifiable_information': 'Yes (SSNs, dates of '
                                                        'birth, addresses, '
                                                        'phone numbers, '
                                                        'insurance info, '
                                                        'employer info)',
                 'sensitivity_of_data': 'High (includes SSNs, dates of birth, '
                                        'insurance info, etc.)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2023-11-28',
 'date_publicly_disclosed': '2023-12-24',
 'description': 'Oklahoma health system Integris Health reached a $30 million '
                'settlement in a data breach class action lawsuit that '
                'impacted over two million people. The breach occurred in '
                'November 2023, exposing highly sensitive patient data, '
                'including Social Security Numbers, dates of birth, addresses, '
                'phone numbers, insurance information, and employer '
                "information. Cybercriminals, identified as 'DataLeakege,' "
                'extorted victims directly, threatening to sell the stolen '
                'data on the darknet unless a $50 ransom was paid per victim. '
                'Integris denied wrongdoing but agreed to the settlement, '
                'which includes credit monitoring services, identity theft '
                'insurance, and reimbursements for out-of-pocket costs '
                'associated with the breach.',
 'impact': {'brand_reputation_impact': 'Significant reputational damage due to '
                                       'negligence allegations and failure to '
                                       'prevent extortion of victims',
            'customer_complaints': 'Multiple class action lawsuits filed and '
                                   'consolidated (Bointy, et al. v. Integris '
                                   'Health, Inc.)',
            'data_compromised': ['Social Security Numbers',
                                 'Dates of Birth',
                                 'Addresses',
                                 'Phone Numbers',
                                 'Insurance Information',
                                 'Employer Information'],
            'financial_loss': '$30 million (settlement amount)',
            'identity_theft_risk': "High (victims exposed to 'imminent risk' "
                                   'of fraud and identity theft)',
            'legal_liabilities': '$30 million settlement, potential additional '
                                 'legal actions, court-approved attorneys’ '
                                 'fees, and administrative costs'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (DataLeakege '
                                                    'claimed they would sell '
                                                    'data if ransom was not '
                                                    'paid)',
                           'high_value_targets': ['Patient data (PII/PHI)']},
 'investigation_status': 'Completed (third-party investigation conducted; '
                         'settlement reached)',
 'lessons_learned': 'Importance of robust data security measures, timely '
                    'public disclosure of breaches, and proactive '
                    'communication with affected individuals to mitigate risks '
                    'such as extortion and identity theft.',
 'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
 'post_incident_analysis': {'corrective_actions': ['Reviewing and enhancing '
                                                   'cybersecurity policies and '
                                                   'procedures',
                                                   'Offering credit monitoring '
                                                   'and identity theft '
                                                   'insurance to victims',
                                                   'Improving communication '
                                                   'strategies for future '
                                                   'incidents'],
                            'root_causes': ['Insufficient data security '
                                            'measures',
                                            'Failure to protect sensitive '
                                            'patient information',
                                            'Delayed public disclosure of the '
                                            'breach']},
 'ransomware': {'data_exfiltration': 'Yes (data stolen and used for extortion)',
                'ransom_demanded': '$50 per victim (by DataLeakege)',
                'ransom_paid': 'No (Integris refused to pay or negotiate)'},
 'recommendations': ['Enhance cybersecurity policies and procedures to prevent '
                     'future breaches.',
                     'Implement stronger monitoring and detection systems to '
                     'identify breaches earlier.',
                     'Provide timely and transparent communication to affected '
                     'individuals during a breach.',
                     'Consider proactive measures to prevent or mitigate '
                     'extortion attempts by cybercriminals.',
                     'Offer comprehensive support (e.g., credit monitoring, '
                     'identity theft insurance) to victims of data breaches.'],
 'references': [{'source': 'Newsweek', 'url': 'https://www.newsweek.com'},
                {'source': 'U.S. District Court for the Western District of '
                           'Oklahoma (Bointy, et al. v. Integris Health, '
                           'Inc.)'},
                {'source': 'Integris Health Breach Notice (December 24, '
                           '2023)'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit (Bointy, et '
                                            'al. v. Integris Health, Inc.) '
                                            'settled for $30 million'},
 'response': {'communication_strategy': 'Public notice published on Integris '
                                        'Health website (December 24, 2023), '
                                        'advising victims not to respond to '
                                        'extortion emails and to monitor for '
                                        'identity theft',
              'enhanced_monitoring': 'Encouraged victims to monitor credit '
                                     'reports and account statements for '
                                     'suspicious activity',
              'incident_response_plan_activated': 'Yes (investigation '
                                                  'conducted with third-party '
                                                  'cybersecurity specialist)',
              'recovery_measures': 'Notifying affected individuals and '
                                   'offering credit monitoring services',
              'remediation_measures': 'Reviewing and enhancing existing '
                                      'policies and procedures to reduce the '
                                      'likelihood of future incidents',
              'third_party_assistance': 'Yes (third-party cybersecurity '
                                        'specialist involved)'},
 'stakeholder_advisories': 'Integris Health encouraged stakeholders (patients) '
                           'to monitor for identity theft and fraud, review '
                           'account statements, and use provided credit '
                           'monitoring services.',
 'threat_actor': 'DataLeakege (cybercriminal group)',
 'title': 'Integris Health Data Breach and $30 Million Settlement',
 'type': ['Data Breach', 'Extortion', 'Identity Theft Risk']}