Law Enforcement Health Benefits and Oklahoma City Indian Clinic Suffer Ransomware Attacks

Share this article on:

Oklahoma City Indian Clinic and Law Enforcement Health Benefits Inc. have confirmed they were recent victims of cyberattacks, both of which involved the use of ransomware.

Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members

Law Enforcement Health Benefits, Inc. (LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. External cybersecurity professionals were engaged to assist with the investigation and remediation efforts, and a manual review of files on the affected parts of the network was conducted. That process concluded on February 25, 2022, when it was confirmed that files containing the personal and protected health information of plan members had been exfiltrated from its network.

LEHB said the following types of information had been compromised: names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, medical record numbers, patient account numbers, and diagnosis/treatment information.

While it was confirmed that files were exfiltrated from its systems, LEHB said it is unaware of any actual or attempted misuse of members’ information. Notification letters have been sent to individuals for whom a current address could be determined, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised. LEHB said it has taken steps to secure its network and improve internal procedures to allow the rapid identification and remediation of future threats.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 85,282 individuals.

Oklahoma City Indian Clinic Investigating Cyberattack

Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) non-profit organization that provides healthcare services to more than 20,000 patients from 200 Native American tribes in Oklahoma, recently announced on its website and social media accounts that ‘technological issues’ and network disruption are currently being experiencing which have prevented access to certain computer systems. The attack appears to have occurred on or around March 10, 2022 and has affected the automatic refill line and mail order services of its pharmacy.

The OKCIC IT team and third-party specialists are currently investigating the incident and are working to restore access to the affected systems. No mention was made of the nature of the incident, but it appears to be a ransomware attack. The Suncrypt ransomware gang has claimed responsibility for the cyberattack and has added Oklahoma City Indian Clinic to its data leak website. According to, Suncrypt claims to have stolen more than 350 GB of data prior to encrypting files, including patients’ electronic medical records and financial documents.

Suncrypt has threatened to leak the data if Oklahoma City Indian Clinic does not negotiate and pay the ransom demand. Oklahoma City Indian Clinic said the investigation into the attack is ongoing and at this stage of the investigation, no evidence of data theft has been found.

The incident has recently been reported to the HHS’ Office for Civil Rights as affecting up to 38,239 individuals.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On