Ransomware Attack on Omni Family Health Exposes 2.7 TB of Data
Ransomware Attack on Omni Family Health by Hunters International
Omni Family Health, a non-profit healthcare organization serving California's Central Valley, has become the latest victim of a ransomware attack by the Hunters International group. The breach, discovered on August 7, resulted in the exfiltration of 2.7 TB of sensitive data, affecting both the organization and its patients.
About Omni Family Health
Established in 1978, Omni Family Health operates 39 health centers across Kern, Kings, Tulare, and Fresno counties. The organization employs over 200 healthcare providers and offers a wide range of services, including general healthcare, dental care, and behavioral health services. Omni Family Health is known for its commitment to accessibility and affordability, implementing a sliding fee scale for uninsured patients and providing telehealth services to reach remote and underserved populations.
Attack Overview
The ransomware attack orchestrated by Hunters International led to the exfiltration of approximately 2,914,900 files, totaling 2.7 TB of data. The compromised information spans various domains, including human resources, accounting, medical records, insurance details, and extensive employee databases. This breach poses significant risks to the privacy and security of both the organization and the individuals whose information has been compromised.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on data exfiltration and extortion, targeting victims across various regions without concentrating on particular industries. The group has been linked to Nigeria through domain registrations and email addresses, although it uses fake identities to conceal its true origins.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in Omni Family Health's cybersecurity infrastructure. Given the organization's extensive digital operations, including a patient portal and telehealth services, potential entry points could include phishing attacks, unpatched software, or weak access controls. The significant overlap in ransomware code with Hive suggests that Hunters International may have used similar encryption methods and tactics against Omni Family Health's systems.