In a recent data breach, Omni Family Health, a healthcare provider based in Bakersfield, California, experienced a significant security incident. On August 7, 2024, the company discovered that sensitive information had been stolen from their systems and subsequently posted on the dark web. The dark web is a part of the internet not accessible through standard search engines and is often used for illicit activities.
The ransomware group, Hunters International, took credit for the breach by posting to their dark web website. In the post, the group claimed to have 2.7 terabytes of Omni's data and threatened to make the data publicly available if they were not paid the ransom.
Unfortunately, it appears as though the data was in fact posted publicly.
The breach affected individuals who are current or former patients and employees of Omni Family Health or those who were referred to the organization for healthcare services.
The types of consumer information exposed in this breach include:
Omni Family Health swiftly engaged external cybersecurity specialists to investigate the claims and notified federal law enforcement to assist in their efforts. The investigation confirmed that the data posted online was indeed related to Omni's patients and employees. As a result, the company has reached out to individuals whose information might have been compromised.
In response to the breach, Omni Family Health has taken several steps to address the situation and protect the affected individuals. They have strengthened their security measures to prevent future incidents and are offering 12 months of complimentary credit monitoring and identity protection services through Experian. This service aims to help individuals monitor their personal information and detect any fraudulent activity that may arise from the breach.
Omni Family Health encourages all potentially affected individuals to remain vigilant by regularly reviewing their accounts and monitoring their credit reports for any suspicious activity. They have also set up a dedicated call center to assist with any questions or concerns related to the breach.
If you believe you may have been affected by this data breach, there are several steps you can take to protect your personal information:
By taking these proactive steps, you can help safeguard your personal information and minimize the risk of identity theft.
For more details, you can view the disclosure on the California Attorney General's website and the Massachusetts Attorney General’s.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.