Amazon’s One Medical Faces Cybersecurity Crisis with Potential 8.8TB Data Leak
Amazon’s healthcare subsidiary, One Medical, finds itself in the midst of a significant cybersecurity crisis. The infamous hacking group, ShinyHunters, alleges to have pilfered a massive 8.8 terabytes of sensitive patient data from the company. The group has issued a dire ultimatum: negotiate by June 22, 2026, or the stolen information will be made public.
The breach was first detected on June 13, when One Medical discovered unauthorized access to a third-party file storage system. This system housed archived records from Iora Health, a senior-focused primary care company acquired by One Medical in a $2.1 billion deal in 2021. The company was later rebranded as One Medical Senior Health. Amazon had previously acquired One Medical for $3.9 billion in 2023.
Upon detection, One Medical stated it “immediately took action to deactivate the system and revoke all access” and promptly launched a comprehensive investigation. The company confirmed that only a “limited number” of One Medical Seniors and legacy Iora Health patient files were accessed. However, it has not disclosed exact patient counts. The attackers have not publicly released any data samples, making it impossible to independently verify the full extent of the alleged theft.
If the claim proves legitimate, the exposed data could include highly sensitive medical records and personally identifiable information (PII). This combination is particularly valuable to cybercriminals for identity theft, targeted phishing, and social engineering attacks. The incident is part of a broader wave of healthcare data breaches in 2026, with One Medical, Kodak, and Novo Nordisk all confirming breaches within the same week.
Source: Cybernews – June 18, 2026