Hackers claim they stole 8.8TB from Amazon's One Medical, with a deadline looming

A hacking group called ShinyHunters says it has stolen more than 8.8 terabytes of data from One Medical, the healthcare provider Amazon bought in 2022 that runs over 250 clinics across 19 US cities. The group has set a deadline of 22 June for the company to start negotiating, threatening to release the data if it does not.

Here is the important caveat: the claim is unverified. ShinyHunters has not published any sample data to back it up, and big round numbers like "8.8TB" are easy to assert and hard to check. Until there is proof, treat the headline figure with caution.

What has actually been confirmed

There is a real, separate incident. On 13 June, One Medical said an unauthorised person had accessed a third-party file storage system holding archived records from Iora Health, a company it acquired in 2021. Its investigation found that files relating to a limited number of One Medical Seniors and legacy Iora Health patients were accessed. That is a genuine breach, but a much narrower one than the ShinyHunters claim.

Why it matters

Medical records are among the most valuable things a criminal can steal. Unlike a card number, you cannot cancel your diagnosis history. Combine health data with names, addresses and dates of birth and you have the raw material for convincing phishing, identity theft and targeted scams that can run for years.

If you are a One Medical patient, the sensible moves are the boring ones: watch for unusual messages that reference real medical details, be wary of any call or email pushing you to act fast, and turn on two-factor authentication anywhere you can. We will update this story if ShinyHunters releases anything that proves the larger claim. For now, one breach is confirmed and small, and the dramatic number is still just a threat.