Law Enforcement Health Benefits and Oklahoma City Indian Clinic Encounter Ransomware Attacks

Oklahoma City Indian Clinic Cyberattack Reported

Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) nonprofit provider of healthcare services to approximately 20,000 individuals from 200 Native American tribes based in Oklahoma, just published on its web page and social media pages that it is presently encountering technological problems and network interruption that hindered access to a number of computer systems. The attack seems to have taken place on or approximately March 10, 2022 and has impacted its pharmacy’s programmed refill line and mail order services.

The OKCIC IT staff and third-party experts are investigating the occurrence now and are trying to fix access to the impacted systems. There was no statement concerning the nature of the occurrence, although it seems to be a ransomware attack. The Suncrypt ransomware group has stated that it is behind the cyberattack and has included Oklahoma City Indian Clinic on its data leak webpage. As per, Suncrypt says it has stolen over 350 GB of data before encrypting files. Stolen data included patients’ financial files and electronic medical records.

Suncrypt wrote Oklahoma City Indian Clinic that the information will be exposed if there is no deal or ransom payment received. Oklahoma City Indian Clinic reported the investigation into the attack is not yet finished and at this point of the investigation, no information of data theft was discovered.

85,282 Law Enforcement Health Benefits Members Affected by Ransomware Attack

Law Enforcement Health Benefits, Inc. (LEHB) has lately stated that it encountered a ransomware attack that was identified on September 14, 2021. External cybersecurity specialists were employed to help with the investigation and remediation work, and a manual analysis of files on the impacted sections of the system was done. That process finished on February 25, 2022, when it was established that files comprising the personal information and protected health information (PHI) of plan members were stolen from its network.

LEHB mentioned these types of data were compromised: names, Social Security numbers, birth dates, driver’s license numbers, financial account numbers, medical insurance data, diagnosis/treatment details, medical record numbers, and patient account numbers.

Though it was affirmed that files were copied from its network, LEHB stated it does not know of any actual or attempted improper use of members’ information. Notification letters were delivered to folks with identified recent addresses, and free credit monitoring services were given to persons whose Social Security numbers were likely exposed. LEHB mentioned it has taken action to safeguard its system and strengthen internal procedures to enable the fast recognition and remediation of upcoming threats.

LEHB reported the breach to the HHS’ Office for Civil Rights stating that 85,282 persons were affected.