3AM Ransomware Compromises Data of 464,000 Kootenai Health Patients

By Admin | 2024-08-17 | Ransomware

Kootenai Health has disclosed a significant data breach involving the personal information of over 464,000 patients, following an attack by the 3AM ransomware group.

Kootenai Health, a prominent non-profit healthcare provider in Idaho, operates the largest hospital in the region and offers a comprehensive range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopaedics.

The breach was detected in early March 2024, after unusual activity disrupted the organization's IT systems. An investigation revealed that cybercriminals gained unauthorized access to Kootenai's systems on February 22, 2024, giving them ten days to navigate the network and extract sensitive data.

According to the notification submitted to Maine's Attorney General's Office, the breach involved unauthorized access to various types of data, including:

* Full names
* Dates of birth
* Social Security numbers (SSNs)
* Driver's licenses
* Government ID numbers
* Medical record numbers
* Details of medical treatments and conditions
* Medical diagnoses
* Health insurance information

The investigation, completed on August 1, confirmed that this data was exposed. Kootenai Health has not yet identified any misuse of the stolen information. The organization is offering impacted individuals 12 to 24 months of identity protection services and has provided further details and support links on its website.

The 3AM ransomware gang has claimed responsibility for the attack and has leaked the stolen data on their darknet portal, revealing that a ransom was not paid. The leaked data, totaling 22GB, is now available for free download, potentially enabling further malicious activities.

3AM ransomware, a Rust-based strain first identified in September 2023, has seen limited deployment but is used as a fallback when other ransomware variants fail. Recent reports from Intrinsec analysts suggest links between 3AM and other ransomware groups such as Conti and Royal.