Pierluigi Paganini October 19, 2024

Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees.

Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations. They offer a range of services, including primary care, dental care, behavioral health, and preventive services. Omni Family Health aims to improve access to quality healthcare and address health disparities in the regions they serve.

Omni Family Health is notifying nearly 470,000 individuals that their personal information was compromised in a data breach resulting from a cyberattack that occurred earlier this year.

The organization discovered the security breach on August 7, 2024, following claims that information was taken from its systems and leaked on the dark web. The company promptly launched an investigation into the incident with the help of external cybersecurity specialists.

“On August 7, 2024, we became aware of claims that information was taken from our systems and posted on the dark web. The dark web is a hidden part of the internet that is not accessible through regular search engines like Google. Upon learning of these claims, we immediately initiated an investigation and engaged outside cybersecurity specialists to assist with our efforts. We also notified federal law enforcement.” reads the data breach notification. “Through the investigation, Omni determined the data posted on the dark web appeared to be related to Omni’s patients and employees. Consequently, we are notifying individuals whose information could be included in the posted data.”

The data breach at Omni Family Health may have exposed varying personal information for current and former patients, including names, addresses, Social Security numbers, dates of birth, health insurance details, and medical information.

Omni told the US Department of Health and Human Services that the incident impacted 468344 individuals.

The Hunters International ransomware gang claimed responsibility for the attack. The group claimed to have stolen 2.7 terabytes of data and listed the organization on its Tor leak site, releasing the stolen information on August 23.

Omni is not aware of any fraudulent activity involving impacted individuals, however it is encouraging them to take steps to protect their personal information.

Omni Family Health is offering the impacted individuals with 12 months of free credit monitoring and identity protection services.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Omni Family Health)