On August 12, Onyx Technology of Maryland began notifying regulators and others about a ransomware attack they experienced.
According to their notification to the Montana Attorney General’s Office on behalf of Independent Care Health Plan (iCare), they discovered the attack on June 28. Their investigation subsequently found that “a server may have been removed or accessed beginning on March 29, 2022, and ending on June 28, 2022.” Onyx regained access to its systems on July 7.
DataBreaches sent an inquiry to Onyx asking for clarification about what they meant by saying a server may have been removed but has received no reply.
Onyx has also reported the incident to HHS. Their report to HHS indicated that 96,814 patients were affected, but at this point, it is not clear whether that report is for all of their covered entities or just one or some of them.
Onyx appears to have uploaded a substitute notice to their website yesterday after DataBreaches emailed them, but it contains the same somewhat puzzling language about a server being removed.
The types of information that may have been accessed or compromised includes:
- Date of birth
- Phone number
- iCare member ID Number
- Medicare ID Number
- Date of service
- Provider’s name
As of publication today, the firm did not reply to this site’s inquiry about which ransomware group attacked them, and the attack has not shown up on any leak site.
A typo was corrected post-publication. The breach was discovered on June 28, not on June 12.