Nearly 2.4 million patients of Oklahoma City-based Integris Health were caught up in a data breach where the alleged hackers sent extortion emails directly to some of them.
The health system reported Feb. 6 that it determined an "unauthorized party" had accessed or stolen patient data Nov. 28. Integris also said it learned Dec. 24 that a group claiming responsibility for the hack was reaching out to patients.
"We encourage anyone receiving such communications to NOT respond or contact the sender, or follow any of the instructions, including accessing any links," the statement said. Integris told HHS that 2.39 million individuals were affected by the breach.
Integris is facing several class-action lawsuits over the hack, with some patients claiming they learned about the event through the media and that the hackers contacted them about it before the health system did, NonDoc reported Feb. 14. A plaintiff's attorney told the news outlet Integris is "playing corporate amnesia" by not providing more information on the event.
A health system spokesperson declined to comment to the publication on specifics, citing the ongoing investigation.
The FBI is seeking information from people who were contacted by the alleged hackers. The group demanded $50 each from patients or claimed they would sell their data on the dark web.