Law Enforcement Health Benefits and Oklahoma City Indian Clinic Experience Ransomware Attacks

85,282 Law Enforcement Health Benefits Members Impacted by Ransomware Attack

Law Enforcement Health Benefits, Inc. (LEHB) has lately stated that it suffered a ransomware attack that was identified on September 14, 2021. External cybersecurity experts were hired to support the investigation and remediation initiatives, and a manual evaluation of files on the attacked areas of the network was carried out. That process ended on February 25, 2022, when it was affirmed that files that contain the personal data and protected health information (PHI) of plan members were stolen from its system.

LEHB stated the following types of information were compromised: names, Social Security numbers, dates of birth, financial account numbers, driver’s license numbers, health insurance data, diagnosis/treatment details, patient account numbers, and medical record numbers.

Although it was proven that files were copied from its systems, LEHB mentioned it is unaware of any actual or attempted misuse of members’ data. Notification letters were mailed to people with known current addresses, and complimentary credit monitoring services were provided to them whose Social Security numbers were possibly exposed. LEHB claimed it has taken the necessary steps to protect its network and enhance internal procedures to permit the quick detection and remediation of future threats.

LEHB submitted the breach report to the HHS’ Office for Civil Rights indicating that 85,282 individuals were affected.

Oklahoma City Indian Clinic Cyberattack Investigated

Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) non-profit group that provides healthcare services to approximately 20,000 patients from 200 Native American tribes located in Oklahoma, just reported on its website and social media accounts that it is currently experiencing technological issues and network disruption that blocked access to some computer systems. The attack appears to have happened on or about March 10, 2022 and has impacted the pharmacy’s automated refill line and mail order services.

The OKCIC IT team and third-party professionals are investigating the incident at this time and are striving to re-establish access to the problematic systems. There was no mention of the nature of the problem, however, it looks like a ransomware attack. The Suncrypt ransomware gang has said that it is responsible for the cyberattack and has put Oklahoma City Indian Clinic on its data leak site. As reported by, Suncrypt states it has stolen over 350 GB of information prior to file encryption. The stolen information included patients’ financial records and electronic medical records.

Suncrypt threatened Oklahoma City Indian Clinic that the data will be leaked if there was no negotiation or ransom demand payment. Oklahoma City Indian Clinic reported the investigation into the attack is in progress and at this phase of the investigation, no proof of data theft was discovered.