A Russian group of hackers stole information from a Pennsylvania health network and then published naked photos of cancer patients online when the hospital refused to pay a ransom.
Lehigh Valley Health Network (LVHN), comprised of 13 hospitals and 28 healthcare centers, was attacked by a group called ALPHV, nicknamed BlackCat.
“We have been in your network for a long time and have had time to study your business,” the hackers threatened on March 4. “In addition, we have stolen your confidential data and are ready to publish it. We have the data of your client base of patients, namely their passports, personal data, questionnaires, nude photos and the like. Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business.”
“Your time is running out. We are ready to unleash our full power on you!” they concluded.
After the health network refused to pay the ransom, three screenshots of cancer patients receiving radiation oncology treatment were published on the dark web, along with seven documents containing patient information, Lehigh Valley Live reported.
“This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” the network stated.
In mid-February, Dr. Brian Nester, president and CEO of Lehigh Valley Health Network, released a statement, saying, “Lehigh Valley Health Network (LVHN) has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. As of today, the attack has not disrupted LVHN’s operations. Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”
“This group, in particular, is unusual to some extent. They will go after hospitals because this is where the money is. And they will go after US hospitals because this is where a lot of money is, and they’ve been successful in the past,” Dr. Pablo Molina, the chief information security officer for Drexel University, said.
LVHN asserted it is still investigating, acknowledging the attack centered on Delta Medix IT system but had limited impact on other IT systems. “We will provide notices as required to those whose information was involved,” they stated.
Lehigh Valley Health Network’s history began with 13 local women who raised $5,300 for a plot of land in Allentown, Pennsylvania, and opened The Allentown Hospital in 1899. Over 50 years later, a group of Lutheran clergy purchased a 102-acre field in Bethlehem, and in 1961, the Muhlenberg Hospital Center opened.
In the late 1960s, Dorothy Pool, the wife of Leonard Parker Pool, had to travel to New York City for cancer treatment. That prompted Leonard Pool to donate $5 million to help the construction of the flagship hospital of the network: Lehigh Valley Hospital–Cedar Crest in Salisbury Township, Pennsylvania. That hospital contains the John and Dorothy Morgan Cancer Center, which was selected as the second member of the Memorial Sloan Kettering Cancer Alliance in 2015.
The network features Lehigh Valley Reilly Children’s Hospital, the only children’s hospital in the Lehigh Valley.
Read the full article here
Discussion about this post