The cyber extortion group ShinyHunters claims it stole 8.8 terabytes of data from Amazon-owned One Medical and has threatened to publish the information unless the healthcare provider enters ransom negotiations.
Amazon-owned healthcare provider One Medical is investigating a cybersecurity incident after threat group ShinyHunters claimed responsibility for stealing 8.8 terabytes of company data and threatened to leak the information publicly. The alleged theft follows One Medical’s disclosure of unauthorized access to a third-party file storage system containing archived records associated with its One Medical Seniors business, formerly known as Iora Health.
According to One Medical, the intrusion was discovered on June 13, 2026, and investigators determined that an unauthorized party accessed the storage environment between June 8 and June 11. The company emphasized that the breach was confined to the affected file storage platform and did not impact its electronic medical record system, clinics, virtual care services, or other Amazon infrastructure. Following discovery of the incident, access to the platform was revoked, credentials were rotated, and additional security measures were implemented.
The compromised storage environment reportedly contained demographic and clinical records belonging to certain One Medical Seniors patients across multiple regions, including Atlanta, Denver, Houston, Phoenix, Seattle, Charlotte, Cape Cod, Tucson, and the Piedmont Triad area. While One Medical has confirmed that patient information was stored within the affected environment, the exact categories of exposed data and the total number of impacted individuals have not yet been disclosed.
Adding pressure to the investigation, ShinyHunters has listed One Medical on its dark web leak site and issued an ultimatum demanding contact by June 22, 2026, or the alleged stolen data would be published. The group has a history of targeting major healthcare and enterprise organizations through data theft and extortion campaigns. However, neither One Medical nor independent researchers have verified the claim that 8.8TB of data was exfiltrated, and the threat actors have yet to release sample files as proof. Until additional evidence emerges, the true scale of the incident remains uncertain.
