
Kootenai Health data breach affected 464,000 patients

Kootenai Health suffered a data breach affecting more than 464,000 patients following a 3AM ransomware attack.

Kootenai Health has disclosed a data breach affecting more than 464,088 patients after their personal information was leaked by the ThreeAM (3AM) ransomware gang.

Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center that offers a wide range of medical services, including emergency care, surgical services, cancer care, and specialty treatments. Kootenai Health is known for its comprehensive care approach and has facilities for both inpatient and outpatient services.

According to the data breach notification letter shared with the Maine Attorney General’s Office, on March 2, 2024, the company observed a disruption in access to certain computer systems. It launched an investigation with the help of leading cybersecurity experts.

The investigation revealed that malicious actors breached the organization’s network on or around February 22, 2024. The attackers gained access to patient names, dates of birth, Social Security numbers, driver’s licenses or government-issued identification numbers, medical record numbers, treatment and health status information, medical diagnoses, medication information, and health insurance information.

“On March 2, 2024, Kootenai Health became aware of unusual activity that disrupted access to certain information technology systems. Upon discovery of this activity, we took steps to secure our digital environment,” the data breach notification letter read. “The investigation revealed that an unknown actor may have gained unauthorized access to certain data in the Kootenai Health network on or about February 22, 2024. Kootenai Health then conducted a comprehensive review of the affected data to determine what personal and/or protected health information was affected and to verify the affected information and the mailing addresses of the affected individuals to ensure we had the most up-to-date contact information. This process was completed on August 1, 2024.”

In response to the incident, the organization announced additional security measures and notified local authorities, including the Federal Bureau of Investigation. Kootenai Health is also offering free credit monitoring and identity theft protection services through IDX, a ZeroFox company.

ThreeAM has already leaked the stolen data on its Tor leak site, likely after the company refused to pay the ransom.

The 3AM ransomware family, discovered by the Symantec Threat Hunter Team, was released in September 2023. 3AM is a brand new ransomware written in Rust. Before starting the encryption process, the ransomware attempts to stop several services. Once the file encryption is complete, it attempts to delete Volume Shadow Copies (VSS). The malware appends the .threeamtime extension to the filenames of encrypted files. The ransomware is a 64-bit executable that supports several commands to prevent backup applications and security software from running.

The malware only encrypts files that match predefined criteria.
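
The sequence described above (services stopped, files renamed with the .threeamtime extension, shadow copies deleted afterwards) can be checked for in endpoint telemetry. The following detection sketch is an added example, not code from the article or from Symantec; the event tuple format, event kind names, host names and sample events are constructed assumptions.

```python
from collections import defaultdict

EXT = ".threeamtime"  # extension named in the article

# Constructed sample events: (host, time in seconds, kind, detail).
# Hypothetical normalized format, not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", 10, "service_stop", "BackupAgent"),
    ("ws-01", 11, "service_stop", "AvService"),
    ("ws-01", 20, "file_rename", r"C:\share\q1.xlsx.threeamtime"),
    ("ws-01", 21, "file_rename", r"C:\share\notes.docx.threeamtime"),
    ("ws-01", 40, "shadow_copy_delete", ""),
    ("ws-02", 12, "service_stop", "Spooler"),
    ("ws-02", 30, "file_rename", r"C:\tmp\report.docx"),
    ("ws-03", 15, "file_rename", r"D:\data\a.db.THREEAMTIME"),
]


def classify(events):
    """Return {host: (stages, verdict)} based on the ordered behaviour chain."""
    by_host = defaultdict(list)
    for host, ts, kind, detail in events:
        by_host[host].append((ts, kind, detail))

    results = {}
    for host, evs in by_host.items():
        # Timestamps of renames whose new name carries the ransomware extension.
        renames = [ts for ts, kind, detail in evs
                   if kind == "file_rename" and detail.lower().endswith(EXT)]
        stages = []
        if renames:
            first, last = min(renames), max(renames)
            # Services are stopped before encryption starts.
            if any(k == "service_stop" and ts < first for ts, k, _ in evs):
                stages.append("services_stopped_before")
            stages.append("files_renamed")
            # Shadow copies are deleted once encryption is complete.
            if any(k == "shadow_copy_delete" and ts > last for ts, k, _ in evs):
                stages.append("shadow_copies_deleted_after")
        # Full chain: alert. Extension seen without the full chain: review.
        verdict = "alert" if len(stages) == 3 else "review" if stages else "clear"
        results[host] = (stages, verdict)
    return results


if __name__ == "__main__":
    for host, (stages, verdict) in sorted(classify(SAMPLE_EVENTS).items()):
        print(host, verdict, stages)
```

Hosts where only the extension is seen are flagged for review rather than cleared, because service-stop or shadow-copy telemetry may simply be missing.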


Pierluigi Paganini

(Security Affairs computer hacking, Kootenai Health)