- One Medical discovered an unauthorized person accessed a third-party storage system containing archived records from its senior care division.
- The breach only affects a limited number of One Medical Seniors and former Iora Health patients.
- The hacking group ShinyHunters has claimed responsibility and says it stole over 8.8 terabytes of data.

Amazon’s healthcare arm, One Medical, has confirmed a data breach. They said they detected the breach on June 13.
The company’s senior-focused business was the target. Luckily, they took immediate action to prevent extensive damage.
What We Know About the Breach
One Medical learned on June 13 that someone had gained unauthorized access to a file storage platform. One Medical acquired Iora Health, a former provider of healthcare services to Medicare patients, in 2021 for approximately $2.1 billion as part of their expansion strategy. The company later rebranded these clinics as One Medical Seniors.
The company’s investigation found that patient files from a limited number of One Medical Seniors and former Iora Health patients were accessed. One Medical has not said exactly how many people the breach affected.
Company Responds Quickly to Contain Incident
One Medical moved fast after discovering the problem. The company disabled the affected storage system right away. They’ve also revoked access and have started looking into the incident.
The good news? One Medical has noted that this was a low-impact breach. Only the third-party storage platform was impacted.
It didn’t affect any other One Medical patient groups. This matters because One Medical serves hundreds of thousands of patients nationwide. The incident appears limited to records tied to the senior care division.
The company is contacting patients directly and putting in place new guardrails to prevent something similar from happening again.
ShinyHunters Claim Responsibility
ShinyHunters has made a post on their leak site, naming One Medical as one of their latest victims. They claim they swiped 8.8 terabytes of confidential information from the organization. The group gave the company an ultimatum: get in touch and start negotiations by June 22, or they’ll release everything they took online.
At this point, neither the hackers nor One Medical has confirmed what kind of data was stolen. Nor have the hackers published any proof or samples of the data they took.
But One Medical provides services that involve sensitive health-related personal data. PII and health record data from medical facilities have much higher value to criminals than some other types of data. Criminals may use these records for identity theft, targeted phishing scams or social engineering, and gaining access to other accounts.
Iora Health’s Ties to the One Medical Breach
The breach traces back to Iora Health. This company focused on primary care for older adults on Medicare. When One Medical took over Iora Health, the company was managing several clinics across the country. It had about 39,000 patients under its care.
The acquisition helped One Medical expand into senior healthcare. This market has become increasingly important as healthcare companies compete for Medicare patients.
Then, just a year later, Amazon stepped in and planned to buy One Medical for $3.9 billion. This brought One Medical and its senior care operations under Amazon’s growing healthcare division. The former Iora Health clinics now operate as One Medical Seniors.
Constant Cyber Attacks on the Healthcare Sector
This incident clearly shows that cybercriminals are still zeroing in on healthcare organizations. Medical records have everything: personal details, financial info, and health data all rolled into one.
The trend is alarming. Ransomware attacks on US care providers have been exposing sensitive data of senior patients, showing how widespread this threat has become.
Even archived records need protection. Healthcare organizations are still on the hook to protect those records, even if they aren’t actively using them anymore. The breach really shines a light on the risk from third-party vendors, too.
These days, a lot of providers rely on other companies to manage and store their data. So if one of those vendors is hacked, patient data is suddenly at risk. This can happen even when the healthcare provider’s own network stays secure. One Medical says they shut down the affected storage system, effectively stopping unauthorized access.
What Comes Next?
The company’s investigation continues. Additional details may emerge as they review what information the attacker accessed. One Medical has not identified which third-party vendor the breach affected. They didn’t say if any law enforcement agency was involved in the investigation.
When healthcare records leak like this, it’s a goldmine for scammers; they get everything they need to carry out identity theft. So, if you’re a patient, keep your eyes open. Don’t trust unexpected emails, and don’t ignore any random notifications in your accounts.
The company said it would contact affected patients directly. If any patients don’t hear from One Medical, it’s likely the breach didn’t affect them. Healthcare data remains attractive to criminals. Companies must protect patient information at all stages, even after archiving it.
One Medical faces the challenge of rebuilding trust with affected patients. They’d need to communicate clearly about what happened and the scope of impact.