Amazon's One Medical confirms a legacy-storage breach; ShinyHunters' 8.8TB claim is unverified and its deadline expires today `[SINGLE-SOURCE]`
From CTI Daily Brief — 2026-06-21 · published 2026-06-21 · view item permalink →
One Medical (Amazon) confirmed on 2026-06-13 that an unauthorised party accessed a legacy third-party file-storage system retaining archived records for One Medical Seniors (formerly Iora Health), during a 2026-06-08 to 2026-06-11 window, affecting demographic and clinical records for patients at nine clinics (BankInfoSecurity, 2026-06-19). One Medical states the breach is confined to that legacy system. Separately, ShinyHunters claims theft of 8.8 TB and set a 2026-06-22 negotiation deadline — today — but the company has not confirmed ShinyHunters' involvement or the data volume, and no sample has been released to validate the claim. [SINGLE-SOURCE] — see § 7.
Defender takeaway: ShinyHunters' maximalist-claim-then-short-deadline pattern recurred across multiple victims this week (Kodak, covered 2026-06-20, among them); the confirmed subset is consistently smaller than the claimed one. Audit legacy and "decommissioned" third-party storage that may still hold archival PII/clinical data outside normal operational scope, and keep those systems inside third-party risk assessments. The passing 06-22 deadline is the near-term monitoring trigger: data release would corroborate the 8.8TB vector, silence suggests a pivot to negotiation.