Cyber Incident Victim: Onix Group
Date: Mar 2023
Location: United States of America
Summary
Onix Group, a multi-industry company, experienced a ransomware attack resulting in unauthorized access to its network over a one-week period. The attackers exfiltrated sensitive consumer data including names, Social Security numbers, dates of birth, and medical/billing details related to its healthcare and hospitality subsidiaries. Following an investigation with cybersecurity experts, the company confirmed data compromise and notified affected individuals whose information from affiliated service providers was exposed.
Description
Onix Group, LLC experienced a ransomware attack that compromised sensitive consumer data across its network. The incident was first detected on March 27, 2023, prompting the company to immediately secure its systems and initiate an investigation with external cybersecurity experts. Forensic analysis revealed unauthorized access to portions of Onix Group's computer network between March 20 and March 27, 2023, during which attackers exfiltrated files containing confidential information. The compromised data included impacted individuals' names, Social Security numbers, dates of birth, healthcare scheduling details, billing records, and clinical information maintained by Onix subsidiaries. These subsidiaries included Addiction Recovery Systems, Cadia Healthcare, Physician's Mobile X-Ray, and Onix Hospitality Group – entities providing treatment services, sub-acute care, diagnostic imaging, and hotel operations respectively under the parent company's management structure.

Upon confirming the unauthorized data access and removal during its investigation, Onix Group undertook a comprehensive review of affected files between late March and May 2023 to identify impacted consumers and determine exact data exposure parameters. The Kennett Square-based firm, which employs approximately 50 staff and generates around $40 million annually through its real estate holdings, hospitality franchises, and healthcare management operations, publicly disclosed the breach via a formal Notice of Data Security Incident on May 26, 2023. Concurrent with this disclosure, Onix initiated direct notification procedures by mailing personalized data breach letters to all affected individuals whose personal and medical information was compromised. The incident exposed vulnerabilities in network security protocols protecting sensitive consumer data across Onix's diverse business units, particularly its healthcare-related subsidiaries handling protected health and financial information. No further details regarding ransom demands, payment status, or specific remediation steps emerged beyond the confirmation of system security measures and notification processes completed by late May 2023.
