Amazon One Medical and Iora Health: One Medical Seniors reports data breach of third-party vendor impacting 'limited' number of patients

Amazon One Medical and Iora Health: One Medical Seniors reports data breach of third-party vendor impacting 'limited' number of patients

Amazon One Medical Reports Data Breach Affecting Senior Care Patients

Amazon’s One Medical disclosed a security incident on June 13, 2024, after an unauthorized party accessed a third-party file storage system containing archived data from Iora Health, a Medicare-focused primary care provider acquired by One Medical in 2021. The breach impacted a "limited number" of patients from One Medical’s senior care clinics, which now operate under the rebranded One Medical Senior Health.

The company confirmed that the compromised system stored legacy patient files from Iora Health and affected individuals, though the exact number of impacted patients remains undisclosed. One Medical stated that no other One Medical or Amazon systems were involved, and the incident was contained to the third-party storage platform. Immediate actions were taken to deactivate the system and revoke access, followed by an internal investigation.

One Medical is directly notifying affected patients and has pledged to implement additional safeguards to prevent future breaches. The acquisition of Iora Health in 2021, which served approximately 39,000 Medicare patients across 46 clinics at the time, was part of Amazon’s broader $3.9 billion purchase of One Medical, finalized in February 2023. The breach highlights ongoing risks in healthcare data security, particularly for legacy systems integrated into larger platforms.

Source: https://www.fiercehealthcare.com/health-tech/one-medical-seniors-reports-data-breach-third-party-file-storage-system

Amazon One Medical TPRM report: https://www.rankiteo.com/company/one-medical-group

Iora Health TPRM report: https://www.rankiteo.com/company/iora-health

"id": "oneior1781756753",
"linkid": "one-medical-group, iora-health",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Limited number of senior care '
                                              'patients',
                        'industry': 'Healthcare',
                        'name': 'One Medical (Amazon)',
                        'size': 'Large (acquired by Amazon)',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': 'Approximately 39,000 Medicare '
                                              'patients (at time of '
                                              'acquisition)',
                        'industry': 'Healthcare',
                        'name': 'Iora Health',
                        'size': 'Medium (acquired by One Medical in 2021)',
                        'type': 'Healthcare Provider (acquired)'}],
 'attack_vector': 'Unauthorized access to third-party file storage system',
 'customer_advisories': 'Direct notification to affected patients',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (healthcare data)',
                 'type_of_data_compromised': 'Patient records'},
 'date_detected': '2024-06-13',
 'date_publicly_disclosed': '2024-06-13',
 'description': 'Amazon’s One Medical disclosed a security incident on June '
                '13, 2024, after an unauthorized party accessed a third-party '
                'file storage system containing archived data from Iora '
                'Health, a Medicare-focused primary care provider acquired by '
                "One Medical in 2021. The breach impacted a 'limited number' "
                'of patients from One Medical’s senior care clinics, which now '
                'operate under the rebranded *One Medical Senior Health*. The '
                'compromised system stored legacy patient files from Iora '
                'Health, and affected individuals were notified. No other One '
                'Medical or Amazon systems were involved.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'healthcare data breach',
            'data_compromised': 'Legacy patient files from Iora Health',
            'identity_theft_risk': 'High (patient data exposed)',
            'systems_affected': 'Third-party file storage system'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Ongoing risks in healthcare data security, particularly '
                    'for legacy systems integrated into larger platforms',
 'post_incident_analysis': {'corrective_actions': 'Deactivation of compromised '
                                                  'system, revocation of '
                                                  'access, additional '
                                                  'safeguards implementation',
                            'root_causes': 'Unauthorized access to third-party '
                                           'file storage system containing '
                                           'legacy data'},
 'recommendations': 'Implement additional safeguards to prevent future '
                    'breaches, enhance monitoring of third-party systems',
 'references': [{'date_accessed': '2024-06-13',
                 'source': 'One Medical Disclosure'}],
 'regulatory_compliance': {'regulations_violated': 'Potential HIPAA '
                                                   'violations'},
 'response': {'communication_strategy': 'Direct notification to affected '
                                        'patients',
              'containment_measures': 'Deactivated the third-party storage '
                                      'system and revoked access',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Internal investigation and additional '
                                      'safeguards implementation'},
 'title': 'Amazon One Medical Data Breach Affecting Senior Care Patients',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.