A group of hackers from Russia reportedly stole medical information from a Pennsylvania health network and then published naked pictures of all of the cancer patients online due to the hospital’s refusal to pay a ransom to the hackers.
Built out of a total of 13 hospitals and 28 healthcare centers, Lehigh Valley Health Network (LVHN) was attacked by a group named ALPHV, also known as BlackCat.
“We have been in your network for a long time and have had time to study your business,” the hackers threatened back on the 4th of March. “In addition, we have stolen your confidential data and are ready to publish it. We have the data of your client base of patients, namely their passports, personal data, questionnaires, nude photos and the like. Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business.”
“Your time is running out. We are ready to unleash our full power on you!” they finished.
After the health network publically refused to pay the ransom, sets of three screenshots of cancer patients undergoing radiation oncology treatment were published on the dark web, alongside a group of seven other documents holding information on the patients, stated a report from Lehigh Valley Live.
“This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” explained the network.
Back near the middle of February, the president and CEO of Lehigh Valley Health Network, Dr. Brian Nester put out a statement, claiming, “Lehigh Valley Health Network (LVHN) has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. As of today, the attack has not disrupted LVHN’s operations. Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”
“This group, in particular, is unusual to some extent. They will go after hospitals because this is where the money is. And they will go after US hospitals because this is where a lot of money is, and they’ve been successful in the past,” stated Dr. Pablo Molina, the chief information security officer for Drexel University.
LVHN claimed that it is still part of an ongoing investigation, acknowledging the attack carried out against Delta Medix IT system but had a very limited impact against other IT systems. “We will provide notices as required to those whose information was involved,” they claimed.