HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Law Enforcement Health Benefits and Oklahoma City Indian Clinic Suffer Ransomware Attacks

Oklahoma City Indian Clinic and Law Enforcement Health Benefits Inc. have confirmed they were recent victims of cyberattacks, both of which involved the use of ransomware.

Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members

Law Enforcement Health Benefits, Inc. (LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. External cybersecurity professionals were engaged to assist with the investigation and remediation efforts, and a manual review of files on the affected parts of the network was conducted. That process concluded on February 25, 2022, when it was confirmed that files containing the personal and protected health information of plan members had been exfiltrated from its network.

LEHB said the following types of information had been compromised: names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, medical record numbers, patient account numbers, and diagnosis/treatment information.

While it was confirmed that files were exfiltrated from its systems, LEHB said it is unaware of any actual or attempted misuse of members’ information. Notification letters have been sent to individuals for whom a current address could be determined, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised. LEHB said it has taken steps to secure its network and improve internal procedures to allow the rapid identification and remediation of future threats.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach has been reported to the HHS’ Office for Civil Rights as affecting 85,282 individuals.

Oklahoma City Indian Clinic Investigating Cyberattack

Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) non-profit organization that provides healthcare services to more than 20,000 patients from 200 Native American tribes in Oklahoma, recently announced on its website and social media accounts that ‘technological issues’ and network disruption are currently being experiencing which have prevented access to certain computer systems. The attack appears to have occurred on or around March 10, 2022 and has affected the automatic refill line and mail order services of its pharmacy.

The OKCIC IT team and third-party specialists are currently investigating the incident and are working to restore access to the affected systems. No mention was made of the nature of the incident, but it appears to be a ransomware attack. The Suncrypt ransomware gang has claimed responsibility for the cyberattack and has added Oklahoma City Indian Clinic to its data leak website. According to Databreaches.net, Suncrypt claims to have stolen more than 350 GB of data prior to encrypting files, including patients’ electronic medical records and financial documents.

Suncrypt has threatened to leak the data if Oklahoma City Indian Clinic does not negotiate and pay the ransom demand. Oklahoma City Indian Clinic said the investigation into the attack is ongoing and at this stage of the investigation, no evidence of data theft has been found.

The incident has recently been reported to the HHS’ Office for Civil Rights as affecting up to 38,239 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.