A cybercriminal extortion group has claimed to have stolen 8.8 terabytes of data from One Medical, the American primary care network owned by Amazon, and has threatened to publish the material unless the company enters negotiations by 22 June.

The group, known as ShinyHunters, posted the claim on its dark web leak site and described it as a "final warning" to the company. The deadline has now passed without any public response from One Medical, and the outcome remains unclear.

One Medical was founded in 2007 as a membership-based primary care provider. It operates more than 250 clinics across 19 US cities and serves in excess of 830,000 patients through a combination of in-person and virtual services. Amazon acquired the company in 2023 for approximately $3.9 billion, a move that significantly extended the technology company's presence in the American healthcare market.

ShinyHunters published the claim without releasing any sample data, which means the allegation cannot be independently verified. It is not known what category of information the group may have obtained, nor whether the claimed volume of data reflects the actual scale of any intrusion. One Medical had not issued a public statement at the time of publication.

If the breach is genuine, the data at risk would likely include patient medical records and personally identifiable information such as names, addresses, and contact details. The combination carries particular weight in the context of criminal exploitation. Medical records, unlike financial credentials, cannot be changed or cancelled, and their detail makes them well suited for constructing convincing fraudulent identities. These details may also be utilised to create customised phishing messages that are far more convincing than generic efforts when combined with personal contact information. Security researchers have noted that healthcare data commands a higher price on criminal markets than most other categories of stolen information, partly for these reasons.

ShinyHunters has been active for several years and has claimed responsibility for a significant number of high-profile data thefts. The group's approach distinguishes it from ransomware operators: rather than encrypting a victim's systems and demanding payment to restore access, ShinyHunters focuses on extracting data and threatening its publication. The leverage, in this model, is reputational and legal rather than operational. Victims face the prospect of sensitive information being released publicly rather than their systems being rendered unusable.

Among the organisations the group has previously claimed to have targeted are Cisco Systems, Rockstar Games, the developer of the Grand Theft Auto series, the European Commission, and Dutch telecommunications company Odido. The group has also recently listed several American companies on its leak site, including retailer JCPenney and food distributor Sysco, though the status of those claims varies.

The healthcare sector has become an increasingly common target for groups of this kind, given the sensitivity of the data held and the pressure that potential exposure places on organisations bound by strict regulatory obligations. Beyond the immediate harm to their reputation, healthcare professionals in the United States are subject to federal regulations controlling the management and distribution of patient information.

One Medical has been contacted for comment. Until the company responds or ShinyHunters publishes further detail, it is not possible to assess the credibility or scope of the claim. The passing of the stated deadline without visible consequence does not necessarily indicate that the threat has receded.