Ransomware Attack on Omni Family Health Exposes 2.7 TB of Data

Incident Date: August 6, 2024

Overview

Victim: Omni Family Health
Attacker: Hunters International
Location: Bakersfield, California, USA
First Reported: August 6, 2024

Ransomware Attack on Omni Family Health by Hunters International

Omni Family Health, a non-profit healthcare organization serving California's Central Valley, has become the latest victim of a ransomware attack by the Hunters International group. The breach, discovered on August 7, resulted in the exfiltration of 2.7 TB of sensitive data, affecting both the organization and its patients.

About Omni Family Health

Established in 1978, Omni Family Health operates 39 health centers across Kern, Kings, Tulare, and Fresno counties. The organization employs over 200 healthcare providers and offers a wide range of services, including general healthcare, dental care, and behavioral health services. Omni Family Health is known for its commitment to accessibility and affordability, implementing a sliding fee scale for uninsured patients and providing telehealth services to reach remote and underserved populations.

Attack Overview

The ransomware attack orchestrated by Hunters International led to the exfiltration of approximately 2,914,900 files, totaling 2.7 TB of data. The compromised information spans various domains, including human resources, accounting, medical records, insurance details, and extensive employee databases. This breach poses significant risks to the privacy and security of both the organization and the individuals whose information has been compromised.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on data exfiltration and extortion, targeting victims across various regions without a specific focus on particular industries. The group has been linked to Nigeria through domain registrations and email addresses, although it uses fake identities to conceal its true origins.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in Omni Family Health's cybersecurity infrastructure. Given the organization's extensive digital operations, including a patient portal and telehealth services, potential entry points could include phishing attacks, unpatched software, or weak access controls. The significant overlap in ransomware code with Hive suggests that Hunters International may have used similar encryption methods and tactics to infiltrate the system.
