Oklahoma City Indian Clinic confirms ransomware attack

A newly released notification from Oklahoma City Indian Clinic (OKCIC) on May 12 confirmed that the ongoing network disruption was brought on by a ransomware attack. OKCIC also confirmed that the data breach, which occurred in March, exposed personally identifiable information (PII) and protected the health information of 38,239 patients.

 

OKCIC first experienced a network disruption on March 10 that impacted its ability to access certain files on its network. The attack led OKCIC to shut down its automatic refill line and mail order service of its pharmacy department.

 

An investigation by a third-party forensic firm confirmed that an unauthorized party accessed – and possibly retained – sensitive customer information, including name, dates of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers and driver’s license numbers of customers.

 

Although an “unknown actor” may have accessed the files, there is no indication that any data has been misused, OKCIC said in a release. OKCIC sent out data breach letters to all affected parties, informing them of the incident and how to protect themselves from identity theft and other frauds. People can call 1-833-909-4436 for assistance.