The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information.
The breach involves the information of 750,000 patients and 522 current and former OAG employees.
In a statement, the company said it was contacted by the FBI on October 21. The FBI explained that it seized an account that contained OAG patient and employee files from HelloKitty, a Ukrainian ransomware group.
The FBI said it believes the group exploited a vulnerability in OAG’s third-party firewall, enabling the hackers to gain entry to the network.