Iora Health: Amazon-Owned One Medical Faces Alleged 8.8TB Data Breach

Iora Health: Amazon-Owned One Medical Faces Alleged 8.8TB Data Breach

One Medical Faces Extortion Threat as ShinyHunters Claims Massive Data Theft

Amazon-owned primary care provider One Medical is under scrutiny after the cybercriminal group ShinyHunters alleged it stole 8.8 terabytes of company data, threatening to publish the information unless negotiations begin by June 22. The claim remains unverified, as the group has not provided sample data to substantiate its assertions.

One Medical serves over 830,000 patients across 250+ clinics and virtual care platforms in the U.S., making the potential breach particularly concerning. If legitimate, the exposed data could include medical records and personal identifiers, which are highly valuable to cybercriminals for identity theft and targeted fraud.

The extortion attempt follows a separate, confirmed incident disclosed by One Medical earlier this month. An unauthorized party accessed a third-party file storage system containing archived records from legacy Iora Health patients. The company stated the breach was limited in scope, affecting only a subset of One Medical Seniors and former Iora Health patients, and did not impact other One Medical or Amazon systems. Access was revoked, and affected individuals are being notified.

ShinyHunters, known for high-profile data thefts across industries including technology, retail, and government typically focuses on data exfiltration and leaks rather than traditional ransomware attacks. The group’s history of targeting major organizations adds weight to the current threat, though the lack of evidence leaves the claim’s validity in question.

One Medical has not publicly confirmed the extortion demand, and the situation remains under investigation. The timing of the two incidents has intensified scrutiny of the healthcare provider’s cybersecurity measures.

Source: https://nationalcioreview.com/articles-insights/extra-bytes/amazon-owned-one-medical-faces-alleged-8-8tb-data-breach/

Iora Health TPRM report: https://www.rankiteo.com/company/one-medical-group

"id": "one1781793311",
"linkid": "one-medical-group",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '830,000+ patients (potential), '
                                              'Subset of One Medical Seniors '
                                              'and former Iora Health patients '
                                              '(confirmed)',
                        'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'One Medical',
                        'size': '250+ clinics, 830,000+ patients',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Third-party file storage system, Data exfiltration',
 'customer_advisories': 'Notifications to affected individuals (confirmed '
                        'incident)',
 'data_breach': {'data_exfiltration': 'Alleged (8.8 terabytes)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Medical records, Personal '
                                             'identifiers'},
 'description': 'Amazon-owned primary care provider One Medical is under '
                'scrutiny after the cybercriminal group ShinyHunters alleged '
                'it stole 8.8 terabytes of company data, threatening to '
                'publish the information unless negotiations begin by June 22. '
                'The claim remains unverified, as the group has not provided '
                'sample data to substantiate its assertions. The extortion '
                'attempt follows a separate, confirmed incident disclosed by '
                'One Medical earlier this month involving unauthorized access '
                'to a third-party file storage system containing archived '
                'records from legacy Iora Health patients.',
 'impact': {'brand_reputation_impact': 'High (potential)',
            'data_compromised': '8.8 terabytes (alleged), Medical records and '
                                'personal identifiers',
            'identity_theft_risk': 'High (if data is legitimate)',
            'systems_affected': 'Third-party file storage system (confirmed), '
                                'Potential broader systems (alleged)'},
 'initial_access_broker': {'entry_point': 'Third-party file storage system'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion, Data theft for financial gain',
 'ransomware': {'data_exfiltration': 'Alleged (8.8 terabytes)'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Notifications to affected individuals '
                                        '(confirmed incident), No public '
                                        'confirmation of extortion demand',
              'containment_measures': 'Access revoked to third-party file '
                                      'storage system'},
 'threat_actor': 'ShinyHunters',
 'title': 'One Medical Faces Extortion Threat as ShinyHunters Claims Massive '
          'Data Theft',
 'type': 'Extortion, Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.