A ransomware-linked extortion group alleges it stole 8.8 terabytes of data from healthcare provider One Medical, though no evidence has been publicly released and the company says a separate security incident was limited in scope.
One Medical, the primary care provider acquired by Amazon in 2023, is facing scrutiny after the cybercriminal group ShinyHunters claimed it exfiltrated 8.8 terabytes of company data and threatened to publish the information unless negotiations were initiated. The allegation has not been independently verified, and the threat actor has yet to release any sample files or evidence to substantiate the claim.
The alleged breach has drawn attention because of One Medical’s extensive healthcare footprint, which includes more than 250 clinics and virtual care services across the United States. If the attackers’ claims prove accurate, the stolen data could contain sensitive patient information, which would make it valuable for identity theft, financial fraud, and highly targeted social engineering attacks. At present, however, the scope and nature of the purportedly stolen data remain unknown.
Separately, One Medical has acknowledged a security incident involving a third-party file storage system used to retain archived records from legacy Iora Health patients. According to the company, an unauthorized party accessed a limited number of files affecting certain legacy Iora Health and One Medical Seniors patients. One Medical stated that the intrusion was contained to the external storage environment and did not impact other patient populations, company systems, or Amazon infrastructure. Access to the storage platform was revoked immediately, and affected individuals are being notified.
The claims also underscore the continuing threat posed by ShinyHunters, a cybercrime group known for targeting high-profile organizations across healthcare, technology, telecommunications, retail, and government sectors. Unlike traditional ransomware operators that focus on encryption, ShinyHunters frequently relies on data theft and extortion tactics, leveraging the threat of public disclosure to pressure organizations into negotiations. Until evidence emerges, questions remain about whether the group’s claimed 8.8 TB haul represents a significant healthcare breach or an exaggerated attempt to gain leverage.
