Omni Family Health says data breach impacted over 450,000 patients and employees

Bakersfield, California-based healthcare provider Omni Family Health said that the data security incident it suffered earlier this year compromised the sensitive personal information of more than 450,000 individuals.

 

In a notice of data breach published on its website, Omni Family Health said that on August 7, it became aware of claims that information was taken from its internal network and posted on the dark web.

 

The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine whether it was breached and the impact of the claimed cyber attack.

 

“Through the investigation, Omni determined the data posted on the dark web appeared to be related to Omni’s patients and employees,” it confirmed.

 

Operating since 1978, Omni Family Health says it provides high quality primary and preventative healthcare services to people in Kern, Kings, Tulare, and Fresno counties. Its list of services includes medical, dental, behavioural health, pharmacy, chiropractic, optometry and other specialty services.

 

The hospital said the data security incident compromised current and former patients’ information, such as their names, addresses, Social Security numbers, dates of birth, health insurance plan information, and medical information.

 

The incident also compromised the personal data of current and former employees, including their names, addresses, Social Security numbers, dates of birth, medical information, health insurance information and financial account information related to direct deposit.

 

Omni Health’s filing with the U.S. Department of Health and Human Services Office for Civil Rights revealed that at least 468,344 individuals were impacted by the data security incident.

 

While the healthcare provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

In August, the Hunters International threat group claimed responsibility for the cyber attack on Omni Family Health and listed it as a victim on its data leak site. The group claimed to be in possession of 2.7 TB of information stolen from the healthcare provider. A day later, the group published the stolen data on the dark web, indicating the possibility of a failed ransom negotiation.