Amazon
One Medical Seniors has disclosed an event last week involving limited unauthorized access to a third-party file storage system containing archived patient records.
"On June 13, we learned that an unauthorized person gained access to a third-party file storage system used to retain archived information of Iora Health, a company acquired by One Medical in 2021, which today operates as One Medical Senior Health," the company wrote in a blog. "We immediately took action to deactivate the system and revoke all access, and we launched a thorough investigation.
"Our investigation determined that certain patient files related to a limited number of legacy Iora Health and One Medical Seniors patients were accessed. No other One Medical patients were impacted by this event. This event was isolated to the third-party file storage system, and no other One Medical or Amazon systems were impacted."
One Medical is reaching out to affected patients.
"As part of our commitment to protecting patient information, we are sharing an update on a recent security event at One Medical Senior Health (formerly Iora Health) and the steps we have taken to protect patient information," the blog said. "We apologize for this event and are notifying affected patients directly. We take the security of patient information seriously and are implementing additional safeguards to prevent similar events in the future."
Meanwhile, a ransomware extortion group known as ShinyHunters has made unverified claims that it has stolen a large amount of data from Amazon One Medical and threatens to make it public by June 22 unless its demands are met.
"So far, the attackers have not published any samples of the allegedly exfiltrated data, making it impossible to determine what type of information may be involved," Cybernews reported. "However, given the services that One Medical provides, the stolen information could include sensitive medical data and other personally identifiable information of patients. Personally identifiable information, paired with medical information, is a goldmine for scammers and cybercriminals. Such data could be exploited for identity theft, highly convincing and targeted phishing campaigns, and social engineering attacks."
One Medical is a primary care practice pairing 24/7 virtual care services with in-person care at more than 100 U.S. locations. "One Medical is on a mission to transform health care for all through a human-centered, technology-powered approach to caring for people at every stage of life," according to the company.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.