ShinyHunters Hit One Medical. 8.8TB. 830,000 Patients. Amazon's Primary Care Company. The Deadline Is Today.
- Patrick Duggan
ShinyHunters posted One Medical to their dark web leak site this week. Eight point eight terabytes of alleged stolen data. Eight hundred thirty thousand patients across more than 250 clinics in the United States. The extortion deadline is June 22 — today. One Medical is Amazon's primary care company, acquired in 2023 for 3.9 billion dollars. Amazon is also the company that runs your pharmacy, your health insurance in certain states, and the cloud infrastructure that stores the health records of a meaningful fraction of the American population.
One Medical confirmed a legitimate security incident. An unauthorized third party accessed the file storage system between June 8 and June 11, 2026. The system contained demographic information and clinical records for Iora Health and One Medical Seniors patients in Atlanta, Cape Cod, Charlotte, the Piedmont Triad, Denver, Houston, Phoenix, Tucson, and Seattle. The overlap between what One Medical confirmed and what ShinyHunters claimed is the shape of the incident rather than the precise scope — One Medical confirmed access, ShinyHunters is claiming 8.8TB and threatening to publish.
We have been tracking ShinyHunters since April. On April 30 we documented the UNC6040 attribution — Mandiant's cluster designation for the same operator the underground calls ShinyHunters — and catalogued five victims with receipts in our index. On May 8 we published a watch list of eight named environments with pre-staged infrastructure including GE Healthcare, Moderna, and Nike. On May 12 the Canvas deadline reset exactly the way we said extortion deadlines reset — the data-destroyed claim lasted forty-eight hours. On June 20 Kodak joined the list. Today it is One Medical.
The playbook is identical every time. The SaaS environment is breached through the human layer — voice phishing the help desk, social engineering an identity reset, walking through the identity provider rather than the firewall. The data is staged. The deadline is set. The deadline passes or resets. The pressure accumulates. One Medical's June 22 deadline is today, which means ShinyHunters is either in active negotiation, has already published, or is about to. The mechanism does not change based on the target's size or brand recognition. If anything, the Amazon affiliation makes the brand leverage greater, not less — the reputational cost of 8.8TB of Amazon-adjacent health records appearing on a leak site is a threat that scales with the brand.
The 8.8TB figure is the number that distinguishes this breach from most. For reference, the Change Healthcare breach in 2024 — still the largest healthcare breach in American history — involved an estimated six terabytes of data from approximately one third of the American population's health records. Eight point eight terabytes from one primary care network's file storage system is a very large number for a single company's storage breach. It is consistent with a file storage system that aggregates clinical records, imaging, administrative documents, billing data, and the other structured and unstructured data that accumulates in a healthcare organization's storage tier over years of operation. It is not consistent with a targeted extraction of a specific data type. If the claim holds, this was a broad sweep of whatever was accessible in the file storage system during the three-day access window.
The healthcare concentration in the last week's breaches is not coincidental. We published on iRhythm's cardiac PHI breach on Saturday — social engineering, third-party access, ransom demand, same week. Two healthcare companies in five days, one Amazon-owned, one an FDA-cleared medical device manufacturer, both breached through the human layer, both held to ransom. The healthcare sector carries the combination of factors that make it the attacker's preferred target in 2026: extremely sensitive data with high leverage value, third-party vendor ecosystems with broad data access, authentication systems that have historically prioritized clinical access over security friction, and regulatory consequences that make breach disclosure itself a negotiation lever for the extortion operator.
One Medical's patient population skews toward the tech-adjacent, the employer-insured, and urban professionals who can afford or whose employers subsidize the membership model. That demographic profile means the data includes patients who hold security clearances, work at technology companies with sensitive intellectual property, hold executive positions at public companies, and have other characteristics that make their health records more valuable than an average PHI dataset. ShinyHunters is aware that not all 8.8TB is equal and that the subset with the highest leverage value is the subset most useful in the negotiation.
Amazon has not confirmed or denied the scope of the ShinyHunters claim, which is the standard incident response posture during an active extortion negotiation. The confirmed incident is narrower than the claimed breach — the confirmed access was to a file storage system containing demographic and clinical data for Iora Health and One Medical Seniors patients in specific cities. The 8.8TB claim may represent a wider access than what One Medical has confirmed, may represent inflation of the actual take, or may represent data from additional systems not yet identified in the forensic investigation. None of those three scenarios is reassuring, and the structure of the disclosure — a confirmed three-day unauthorized access followed by an extortion claim with an 8.8TB figure — is the structure of a breach where the full scope is still being established.
The action for One Medical patients is rotation of every credential that shares a password with any system One Medical could reach, and heightened scrutiny of social engineering attempts that reference their One Medical membership, their clinical history, or their Amazon health products, because credential intelligence from an 8.8TB PHI dataset is the raw material for targeted phishing campaigns against the same patient population. The action for One Medical as an organization is the one that every organization in an active ShinyHunters negotiation faces — the data-destroyed assurance from May will not hold here any more than it held for Canvas, and the forty-eight hour deadline reset is the playbook, not a deviation from it.
We named this cluster in April. We published the watch list in May. One Medical was not on it, which is the honest part. The pattern we named is the pattern that is producing victims we did not specifically predict. The mechanism is consistent. The victims are wherever the mechanism finds a door. The door is always the human layer of a SaaS authentication system. ShinyHunters is still running the same play because the same play keeps working.
The deadline is today. Watch the leak site.
