Oklahoma City-based Integris Health faces a multimillion-dollar lawsuit over a ransomware attack in which hackers attempted to extort patients on Christmas Eve, KFOR reported.
Hackers reportedly emailed 2 million patients on Dec. 24 demanding $50 in bitcoin or their data would be published to the dark web.
"That's not a merry Christmas," William Federman, an attorney who filed the class-action complaint, told the news outlet for the Dec. 29 story.
The health system posted a notice about the breach on its website later that day and began notifying affected patients Dec. 26. Integris said it found that its files may have been accessed as early as Nov. 28.
"Why didn’t they tell people?" Mr. Federman told KFOR. "They've withheld this information for over a month while people have been mucking around in your and everyone else in Oklahoma City's personal information?"
Integris Health encouraged patients not to respond to the emails or attempt to contact the sender. The health system said the breached data may have included names, dates of birth, contact information and Social Security numbers. An Integris spokesperson didn't respond to a request for comment from Becker's.