Thought Leadership
The cybercrime group ShinyHunters claims it has exfiltrated 8.8 terabytes of data from the U.S. healthcare provider One Medical, a subsidiary of Amazon. According to the group, the stolen dataset includes both corporate and patient-related information.
ShinyHunters has published the allegation on its dark web leak site and is using the supposed data breach as leverage in an extortion attempt. The group has set a negotiation deadline of June 22, 2026, after which it threatens to publish the data. So far, no sample files or datasets have been released that would independently confirm the scope or nature of the claimed breach.
Background on Amazon healthcare provider One Medical
One Medical is a U.S.-based primary care provider founded in 2007 and acquired by Amazon in 2023. The company operates more than 250 clinics across 19 major U.S. cities and serves over 830,000 patients through both in-person and virtual healthcare services.
In parallel to this incident, One Medical Seniors, a business unit focused on elderly patient care, recently reported a separate security incident involving a third-party storage provider. That incident reportedly affected a limited number of patient records.
About ShinyHunters
ShinyHunters is known for a string of high-profile data theft campaigns targeting corporations and institutions worldwide. Unlike traditional ransomware operations, the group primarily focuses on data exfiltration followed by extortion threats tied to publication. In past incidents, the group has been linked to breaches at multiple international organizations, often exploiting vulnerabilities in cloud environments and enterprise IT infrastructure to gain access to databases and internal systems.
(ll)
