Minimal network security at INTEGRIS Health enabled hackers to steal personal identities of 2.4 million Oklahomans.

A recently filed class action lawsuit alleges INTEGRIS Health failed to implement reasonable and appropriate security measures to protect patient data, despite being aware of a high risk of ransomware and other cyberattacks on hospitals.

As a result of Integris’ insufficient data security, cyber-criminals easily infiltrated its inadequately protected computer systems and stole the Personal Identifiable Information (“PII”) of 2,431,693 individuals – all Oklahoma residents.

According to the lawsuit, cyber-criminals responsible for the cyberattack have already begun directly extorting victims affected by the data breach after Integris refused to pay the ransom. Affected individuals must now live the rest of their lives under the real threat of identity theft/fraud and the devastating consequences that go along with it.

The lawsuit also criticizes Integris Health for its lack of transparency and claims the healthcare provider did not make any announcement about the attack until after patients were contacted directly by the hackers on December 24, 2023.

To ad insult to injury, according to the announcement on its’ website, Integris is not offering any form of identity or credit protection to individuals affected by the breach – essentially leaving victims to live with the lifetime threat of identity theft/fraud at their own expense.

What Happened?

According to the information posted on Integris’ website, the threat actor gained access to its computer systems on Novemeber 28, 2023. In response, Integris contained the incident, terminated all unauthorized access, and then began working with third-party data security specialists to assist with its investigation.

What Information Was Obtained By The Hackers?

After learning that sensitive patient data was accessed by an unauthorized third party, Integris reviewed the compromised files to determine what information was leaked and which patients/employees were impacted. According to the breach notification, the investigation revealed that data obtained by the hackers include:

• name
• date of birth,
• contact information,
• demographic information,
• Social Security number,
• drivers license number,
• financial/payment information,
• username/password

After it was learned on December 24, 2023 that hackers were beginning to directly extort patients affected by the breach, Integris posted a breach notice on its website. According to the update posted Feb 6, 2024, Integris has begun to mail out notification letters to affected individuals advising them of the information stolen.

What Is Integris Doing To Protect My Identity?

According to the information posted on Integris’ website, it is not offering any form of identity theft or credit protection – essentially leaving victims of Integris’ negligence to fend for themselves.

If you received a data breach notification from INTEGRIS Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Yourself. Join The INTEGRIS Health Data Breach Class Action.

If you received a Data Breach Notice from INTEGRIS Health, you could now be at risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more. A successful case could also force Integris Health to ensure it takes proper steps to protect the information it was entrusted with.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by Integris Health on December 24, 2023.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you and no obligation on your part.