ShinyHunters Claims 8.8TB Breach of Amazon One Medical

The hacking group ShinyHunters has set its sights on one of the most sensitive data categories imaginable: personal health records. The group claims to have breached One Medical, the primary care service owned by Amazon, and alleges it exfiltrated more than 8.8 terabytes of data. According to threat intelligence sources, ShinyHunters issued a deadline of June 22 for negotiations, threatening to publish the stolen data if Amazon does not respond. Neither Amazon nor One Medical has publicly confirmed the full scope of the incident as of this writing.

The sheer volume of the alleged theft, 8.8TB, signals that this is not a narrow, targeted extraction. If verified, it would represent one of the most significant healthcare data incidents in recent memory.

What We Know About the One Medical Breach

One Medical operates a membership-based primary care model across the United States, serving patients who use its app and portals to book appointments, message providers, and access health records. Amazon acquired the company in 2023 for approximately $3.9 billion, integrating it into the broader Amazon Health ecosystem.

Separately, One Medical Seniors reported a data security event affecting a limited number of patients tied to a third-party file storage system, though it is not yet confirmed whether this is directly linked to the ShinyHunters claim.

Healthcare data is among the most valuable on the dark web precisely because it is immutable. You can cancel a credit card, but you cannot change your date of birth, your medical history, or your Social Security number. Records that include diagnoses, prescriptions, insurance details, and contact information can be used for insurance fraud, identity theft, and targeted phishing for years after a breach.

ShinyHunters is no stranger to high-profile targets. The group has previously claimed breaches affecting Charter Communications, exposing nearly 4.9 million records through a vishing-based attack, as well as major consumer brands including Zara, Carnival, and 7-Eleven. The group has demonstrated a willingness to follow through on data publication when demands go unmet.

Why Healthcare Breaches Carry Unique Risk

Most data breaches cause financial and reputational harm. Healthcare breaches cause both and add a layer of deeply personal exposure that patients rarely anticipate.

A stolen health record can reveal mental health diagnoses, reproductive health history, substance use treatment, HIV status, and chronic conditions. In the wrong hands, that information can be used for blackmail, employment discrimination, or highly personalized social engineering attacks. Patients who use telehealth or primary care apps like One Medical often assume that because the app is polished and the company is large and well-funded, their data is inherently secure. This breach, if confirmed, is a reminder that no company size guarantees protection against a determined attacker.

ShinyHunters has also been linked to breaches of educational platforms, including the Instructure Canvas incident that exposed student data across higher education institutions. The pattern suggests a group that is opportunistic across sectors and sophisticated in its approach.

What This Means For You

If you are a current or former One Medical patient, there are concrete steps worth taking now, before any official notification arrives.

First, monitor your health insurance accounts for claims or activity you do not recognize. Fraudulent billing is one of the most common outcomes of medical data theft.

Second, be alert to phishing attempts. If attackers hold detailed health records, they can craft emails or calls that reference your provider, appointment history, or prescriptions to appear legitimate. Do not click links in unsolicited health-related messages.

Third, consider placing a credit freeze with all three major bureaus. Health records often include enough personally identifiable information to open new credit accounts in your name.

On the question of tools like VPNs: it is important to be precise here. A VPN would not have prevented this breach, which occurred on One Medical's servers, not on a user's connection. However, using a VPN when accessing medical portals, telehealth apps, or health insurance accounts over public or shared Wi-Fi networks does reduce the risk that your session credentials or transmitted data can be intercepted locally. That is a narrow but real benefit worth understanding. The server-side security of the platform you connect to is a separate question entirely, and one that patients have limited direct control over.

What patients do control is how they respond once a breach is announced: how quickly they act, how carefully they monitor, and how skeptically they treat unexpected outreach.

Actionable Takeaways

  • Check your One Medical account for any unusual activity and update your password immediately.
  • Enable multi-factor authentication on your One Medical account and any linked health or insurance portals.
  • Place credit freezes at Equifax, Experian, and TransUnion if you have not already done so.
  • Treat any inbound communications referencing your medical history with extra scrutiny, even if they appear to come from a known provider.
  • Avoid accessing sensitive health accounts over public Wi-Fi; if you must, use a VPN to encrypt your local connection.
  • Monitor for an official breach notification from One Medical, which would trigger your rights under HIPAA for information about what was exposed.

The One Medical situation is still developing, and the full scope of what was taken may not be known for some time. What is already clear is that healthcare platforms holding large volumes of sensitive patient data remain high-value targets, and patients should act on that reality rather than wait for official confirmation to take protective steps.