Cyber Incident Victim: Onyx Technologies
Date: Mar 2022
Location: United States of America
Summary
Onyx Technology experienced a ransomware attack involving unauthorized access to, or potential removal of, a server over a three-month period, discovered in late June. The breach compromised sensitive personal and medical information of nearly 97,000 individuals, including names, dates of birth, addresses, contact details, insurance identifiers, Medicare numbers, service dates, and healthcare provider names. The organization regained system control in early July and notified affected clients, patients, and regulatory authorities, though the specific ransomware group responsible remained unidentified with no public claims of involvement.
Description
Onyx Technology, a Maryland-based firm, discovered a ransomware incident on June 28, 2022, following an investigation that revealed unauthorized access to or potential removal of a server between March 29 and June 28 of that year. The company restored access to its systems by July 7, 2022. On August 12, Onyx began notifying regulators, including the Montana Attorney General’s Office on behalf of Independent Care Health Plan (iCare), and affected individuals about the breach. The compromised server contained sensitive patient and client information, including names, dates of birth, addresses, phone numbers, iCare member ID numbers, Medicare ID numbers, dates of service, and providers’ names. Onyx reported the incident to the U.S. Department of Health and Human Services (HHS), indicating 96,814 affected individuals, though it remained unclear whether this figure represented all impacted entities or only specific clients like iCare.

DataBreaches.net contacted Onyx for clarification regarding the server’s removal and the identity of the ransomware group involved but received no response. The company published a substitute breach notice on its website after DataBreaches’ inquiry, reiterating the ambiguous language about the server’s status. No ransomware group claimed responsibility for the attack, and the incident did not appear on any leak sites as of the article’s publication date. Onyx’s notifications did not confirm whether data was exfiltrated or encrypted, nor did they disclose the attack’s operational impact beyond the server compromise. A post-publication correction clarified that Onyx discovered the breach on June 28, not June 12 as initially stated. The incident exposed healthcare-related personal information but yielded no public evidence of further misuse or additional technical details regarding the attackers’ methods.
