ThreeAM Ransomware Attack on Kootenai Health Impacted Over 464,000 Patient Records 

• U.S. Kootenai Health Center announced that a security incident earlier this year affected more than 464,000 patient records.
• In March, the ThreeAM ransomware group leaked the data they had exfiltrated a month before.
• The exposed personal details include full name, date of birth, driver's license, and Social Security Number.

Idaho-based medical center Kootenai Health has disclosed a data breach impacting several subsidiaries, filing a report with the Office of the Maine Attorney General. As a result, the personal information of 464,088 patients was stolen and leaked by the ThreeAM ransomware gang. 

In March, ThreeAM claimed on its extortion portal that it had leaked 22 GB of stolen data from Kootenai Health on February 22, which suggests the health firm declined to pay the ransom.

The company’s investigation this month confirmed that the leaked patient details include insurance information such as full name, date of birth, Social Security Number, driver's license, government ID number, as well as medical record number, diagnosis, and health information. 

Kootenai Health started notifying the affected patients on August 12 and announced that it would provide 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.

The not-for-profit healthcare provider operates the largest hospital in Idaho and offers several medical services. The security incident affected Kootenai Health subsidiaries Kootenai Clinic, Kootenai Outpatient Surgery, and Kootenai Outpatient Imaging.

First seen in September 2023, the ThreeAM ransomware group uses Rust-based malware, and security analysts have associated it with Conti and Royal.

This year, numerous cyberattacks on the healthcare industry were seen. U.S. administrative and clinical healthcare services provider Calibrated Healthcare acknowledged a data breach that compromised sensitive patient information, and American company Change Healthcare was hit by a ransomware attack exposing customer details.

In July, HealthEquity data stolen from a third party with access to HealthEquity’s SharePoint data affected 4.3 million customers.