Healthcare clients affected by the breach included Addiction Recovery Systems, Cadia Healthcare, and Physicians Mobile X-Ray. The breached information included names, dates of birth, clinical information, and the Social Security numbers of patients of its healthcare clients, and the health plan enrollment and direct deposit information of employees. The forensic investigation confirmed that hackers had access to its internal network between March 20 and March 27, 2023, during which time they exfiltrated files that contained employee, affiliate, and client information. The ransomware attack was detected by Onix Group on March 27. Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. Onix Group Sued for Failing to Prevent Ransomware Attack and 320K-Record Data Breach
