Ransomware Attack on Oklahoma Sleep Institute by ThreeAM

Incident Date: October 10, 2024

Overview

Victim: The Oklahoma Sleep Institute

Attacker: ThreeAM

Location: Oklahoma City, USA; Oklahoma, USA

First Reported: October 10, 2024

Ransomware Attack on Oklahoma Sleep Institute by ThreeAM Group

The Oklahoma Sleep Institute LLC, a key player in the healthcare sector specializing in sleep medicine, has recently fallen victim to a ransomware attack orchestrated by the ThreeAM group. This incident underscores the growing threat of cyberattacks on healthcare providers, particularly those handling sensitive patient data.

About Oklahoma Sleep Institute

Founded in 2003, the Oklahoma Sleep Institute is dedicated to diagnosing and treating sleep disorders such as Obstructive Sleep Apnea, insomnia, and narcolepsy. With approximately 26 employees, the institute operates in Oklahoma City and Tulsa, providing advanced diagnostic services and personalized treatment plans. The institute is recognized for its patient-centric approach, offering comprehensive care through a team of Advanced Registered Nurse Practitioners and a Board Certified Sleep Physician.

Details of the Attack

The ThreeAM ransomware group has claimed responsibility for the attack, which involved the unauthorized acquisition of sensitive data from the institute. This breach poses significant risks to patient confidentiality and the integrity of the institute's operations. The attack highlights vulnerabilities in the healthcare sector, where the protection of sensitive information is paramount.

Profile of ThreeAM Ransomware Group

ThreeAM is a relatively new ransomware strain, known for its sophisticated methods and connections to other cybercriminal organizations. Written in Rust, the ransomware encrypts files and appends the extension ".threeamtime" to them. It is often used as a fallback option when other ransomware deployments, such as LockBit, fail. The group is linked to well-known ransomware entities like Conti and Royal, indicating a shared infrastructure and tactics.

Potential Vulnerabilities and Penetration Methods

The attack on the Oklahoma Sleep Institute may have exploited common vulnerabilities in healthcare IT systems, such as outdated software or insufficient security protocols. ThreeAM's strategy often involves disabling security and backup services to maximize damage, which could have been a factor in this breach. The institute's reliance on digital technology for patient care and data management makes it a prime target for such sophisticated cyber threats.
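A detection example for the two behaviours described above (files gaining the ".threeamtime" extension, and security or backup services being stopped first), added here and not taken from the incident report or from any vendor tooling. The event format, host names, the service names in WATCHED and the thresholds are constructed assumptions; only the extension comes from this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".threeamtime"                      # extension named on this page
WATCHED = {"backup-agent", "edr-sensor"}  # hypothetical service names; use your own
WINDOW = timedelta(minutes=10)            # assumed correlation window
MIN_FILES = 3                             # assumed burst threshold for this sample

# Constructed sample events: "timestamp host event detail"
SAMPLE = """\
2025-01-01T03:00:05 ws-01 service_stop backup-agent
2025-01-01T03:00:09 ws-01 service_stop edr-sensor
2025-01-01T03:02:11 ws-01 file_create C:\\Data\\a.xlsx.threeamtime
2025-01-01T03:02:12 ws-01 file_create C:\\Data\\b.docx.threeamtime
2025-01-01T03:02:13 ws-01 file_create C:\\Data\\c.pdf.threeamtime
2025-01-01T09:15:00 ws-02 service_stop backup-agent
2025-01-01T09:40:00 ws-02 file_create C:\\Tmp\\report.docx
2025-01-01T11:00:00 ws-03 file_create D:\\x\\one.txt.threeamtime
"""

def detect(log_text):
    """Return {host: severity} for hosts that produced files ending in EXT."""
    stops, hits = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = line.split(" ", 3)
        ts = datetime.fromisoformat(ts)
        if event == "service_stop" and detail in WATCHED:
            stops[host].append(ts)
        elif event == "file_create" and detail.lower().endswith(EXT):
            hits[host].append(ts)
    alerts = {}
    for host, times in hits.items():
        times.sort()
        first = times[0]
        burst = sum(1 for t in times if t - first <= WINDOW)
        preceded = any(timedelta(0) <= first - s <= WINDOW for s in stops[host])
        if burst >= MIN_FILES and preceded:
            alerts[host] = "high"    # watched service stopped, then a burst of encrypted files
        elif burst >= MIN_FILES:
            alerts[host] = "medium"  # burst without a preceding watched-service stop
        else:
            alerts[host] = "low"     # isolated file carrying the extension
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A stopped backup service on its own (ws-02 in the sample) raises nothing here; the extension is the trigger and the service stop only raises severity.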
