3AM Clock

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation.

Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics.

The organization is notifying patients who received care at its facilities that it detected a cyberattack in early March 2024, which disrupted certain IT systems.

An ongoing investigation shows that the cybercriminals gained unauthorized access to Kootenai's systems on February 22, 2024, allowing the threat actors ten days to roam the network and steal sensitive data.

"On March 2, 2024, Kootenai Health became aware of unusual activity that disrupted access to certain IT systems," reads the notification submitted to Maine's AG Office.

"The investigation revealed that an unknown actor may have gained unauthorized access to certain data from the Kootenai Health network on or about February 22, 2024."

The examination of what data has been stolen as a result of this breach was concluded on August 1, confirming the following as exposed:

  • Full names
  • Dates of birth
  • Social Security numbers (SSNs)
  • Driver's Licenses
  • Government ID numbers
  • Medical record numbers
  • Medical treatment and condition information
  • Medical diagnoses
  • Health insurance information

Kootenai Health states that it's unaware of any misuse of the stolen information. It also enclosed instructions for impacted individuals to enroll in 12-24 months of identity protection services, depending on what data was exposed.

Patients may also visit the hospital's announcement published on the Kootenai Health website for more information and support links.

3AM ransomware leaks the data

The 3AM ransomware gang has claimed responsibility for the attack and leaked stolen data on its darknet portal, indicating that a ransom was not paid.

The stolen data consists of a 22GB archive, available for free, allowing any other cybercriminal to download the data and utilize it in further attacks.

Kootenai Health data leaked on the 3AM extortion portal
Kootenai Health data leaked on the 3AM extortion portal
Source: BleepingComputer

3AM is a Rust-based ransomware strain first reported in September 2023, seeing limited deployment as a fallback option for when more proven lockers failed.

In January, Intrisec analysts reported seeing notable links between 3AM, Conti, and the Royal ransomware gangs, suggesting some association between the three gangs.

Related Articles:

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

Tech giant Nidec confirms data breach following ransomware attack

BianLian ransomware claims attack on Boston Children's Health Physicians

Casio confirms customer data stolen in a ransomware attack

Underground ransomware claims attack on Casio, leaks stolen data