by Dave Moore, CISSP
02/25/2024
Remember the great Integris/St. Anthony hospitals hacking crisis I first reported to you last January 14? Internet bad guys stealing private data on millions of patients, and in the case of Integris, sending their victims ransom demand letters?
Well, there’s more. Last week, February 15, 2024 (Case 5:23-cv-01208-D), in the United States District Court for the Western District of Oklahoma, Chief United States District Judge Timothy DeGiusti, regarding the class action lawsuit that has been filed against Integris Health, Inc.(Zinck et al v. INTEGRIS Health Inc.), reaffirmed what we all hoped wasn’t true: 2,431,693 individuals, all Oklahoma residents, hacked, and their lives put in jeopardy because Integris couldn’t seem to keep their private information safe.
From the Court filing of February 15, Judge DeGiusti notes that documents filed by Integris attorneys state, “2,624,041 individuals residing in the United States have been notified” of the Integris data breach. Of those already notified, “2,431,693 individuals are Oklahoma residents.” Put another way, 92.67% of those already notified are Oklahoma residents. Further, any future notifications are not expected to “substantially change the percentage of notified Oklahoma residents.”
As the 2021 US Census shows the population of Oklahoma to be 3.987 million, the Integris hack affects over 60% of the entire population of the State of Oklahoma.
So, what now? As things stand, Judge DeGiusti has ordered the parties involved to resolve the issue of jurisdiction by March 7. Is the class action suit a Federal case, or is it a State of Oklahoma case, since most of the hacking victims live in Oklahoma?
We shall see, but in the meantime, if you are one of the 2,431,693 Integris hack victims, you are encouraged to contact Lacrista A. Bagley at the law firm of Federman & Sherwood, as they are one of the law firms representing victims in the case. You may contact Lacrista by email at lab@federmanlaw.com.
It is also important that you take precautions to protect yourself. Visit the Transcript website and read the series I wrote on the Integris, St. Anthony’s, MidFirst and Arvest Bank hacks and what to do beginning January 14, and following through February 11.
Determine that you are going to take these things seriously. If you are now or have ever been a customer of Integris or St. Anthony’s hospitals, or MidFirst and/or Arvest bank, you have already been put on notice. Accept the reality that these institutions have screwed up royally, and you must take matters into your own hands. They cannot and will not protect you or help you. The ball is now in your court.
At the very least, pull your credit reports and put freezes on your accounts at all four major credit bureaus. Complete the process to get your Identity Protection PIN (IP PIN) from the Internal Revenue Service. Instructions for doing these things are in the columns mentioned above. Talk to your friends and relatives to see if they are aware of what’s going on. The companies involved are doing their best to divert attention away from what they have done. Be thankful we have a local newspaper that’s willing to get the word out.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org