Oklahoma City Indian Clinic Cyberattack Causes Pharmacy Disruptions

March 29, 2022 - Oklahoma City Indian Clinic (OKCIC) experienced a cyberattack that has disabled certain pharmacy services indefinitely, a statement on its website explained.

A post on the clinic’s Twitter account suggests that the attack began as early as March 10, when OKCIC first reported experiencing “technical difficulties.”

OKCIC’s pharmacy automatic refill line and mail order services will be down “for an indeterminate amount of time,” the statement on its website explained. The clinic directed patients to call the pharmacy if they needed prescription refills.

“We immediately began an internal review and are actively working with our IT staff and third-party specialists towards a resolution. We will keep our community updated as we learn more information,” OKCIC continued.

OKCIC is a 501(c)(3) nonprofit that serves over 20,000 patients from 200 Native American tribes in Oklahoma.

The clinic told patients to have their prescription information available when they call the pharmacy, including chart number, drug name, directions, provider, and drug strength. OKCIC also recommended that patients bring their prescription vials to the pharmacy.

According to local news station KFOR, SunCrypt ransomware group claimed responsibility for the cyberattack. DataBreaches.net also reported that SunCrypt was responsible for the attack and said that a post on the group’s leak site claimed to have acquired more than 350GB of files from OKCIC, including financial documents and electronic health records.

OKCIC has not confirmed what information was involved in the cyberattack or who was responsible.

Recent Minerva Labs research explained that SunCrypt runs a small affiliate program and was first observed in October 2019. SunCrypt typically targets organizations in the technology and retail industries, the research continued.

The 2022 version of SunCrypt appears to have adopted new capabilities that allow its ransomware to terminate processes and wipe machines clean of ransomware evidence. In the past, the group said that they would avoid interfering with hospital operations.

OKCIC provided the following statement to KFOR:

“Earlier this month, Oklahoma City Indian Clinic (OKCIC) discovered that certain systems were inaccessible and immediately deployed all available resources to investigate, including third-party forensic specialists. As part of our investigation, we discovered that the OKCIC was the victim of a cyber attack.  While our investigation remains ongoing at this time, we currently do not have evidence of unauthorized access to patient information. OKCIC is taking the necessary and appropriate steps to address this incident and comply with applicable regulations, and will continue to do so as our investigation proceeds.”

Due to separate incidents, both Taylor Regional Hospital (TRH) in Kentucky and East Tennessee Children’s Hospital are currently recovering from cybersecurity incidents. Cyber incidents at both hospitals rendered certain phone lines unusable and disrupted operations.