Ransomware Attack on Omni Family Health Exposes 2.7 TB of Data
Incident Date: August 6, 2024
Overview
Victim: Omni Family Health
Attacker: Hunters International
Location
First Reported: August 6, 2024
Ransomware Attack on Omni Family Health by Hunters International
Omni Family Health, a non-profit healthcare organization serving California's Central Valley, has become the latest victim of a ransomware attack by the Hunters International group. The breach, discovered on August 7, resulted in the exfiltration of 2.7 TB of sensitive data, affecting both the organization and its patients.
About Omni Family Health
Established in 1978, Omni Family Health operates 39 health centers across Kern, Kings, Tulare, and Fresno counties. The organization employs over 200 healthcare providers and offers a wide range of services, including general healthcare, dental care, and behavioral health services. Omni Family Health is known for its commitment to accessibility and affordability, implementing a sliding fee scale for uninsured patients and providing telehealth services to reach remote and underserved populations.
Attack Overview
The ransomware attack orchestrated by Hunters International led to the exfiltration of approximately 2,914,900 files, totaling 2.7 TB of data. The compromised information spans various domains, including human resources, accounting, medical records, insurance details, and extensive employee databases. This breach poses significant risks to the privacy and security of both the organization and the individuals whose information has been compromised.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on data exfiltration and extortion, targeting victims across various regions without a specific focus on particular industries. The group has been linked to Nigeria through domain registrations and email addresses, although they use fake identities to conceal their true origins.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in Omni Family Health's cybersecurity infrastructure. Given the organization's extensive digital operations, including a patient portal and telehealth services, potential entry points could include phishing attacks, unpatched software, or weak access controls. The significant overlap in ransomware code with Hive suggests that Hunters International may have used encryption methods and tactics similar to Hive's to infiltrate the system.