US Hospital Coughs Up Sensitive Data Of Nearly 270K Patients In Ransomware Attack
This week, Lake Charles Memorial Health System (LCMHS) in Louisiana published a notice informing its patients of a cybersecurity incident that occurred back in October of this year. According to the notice, threat actors gained unauthorized access to the healthcare system’s internal network between October 20 and 21, 2022. This security breach facilitated the theft of confidential files stored within the network. The breach portal maintained by the US Department of Health and Human Service (HHS) states that nearly 270,000 people were affected by the data breach at LCMHS.
The threat actors behind this attack appear to have been part of the Hive ransomware gang, which was recently the subject of a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the HHS. According to this advisory, the Hive ransomware gang has collected a total of $100 million in ransom fees from over 1,300 organizations. The advisory also notes that the gang maintains a dedicated leak site (DLS) where it publicizes its ransomware attacks and threatens to publish stolen files if victims don’t pay ransom fees.
The threat actors behind this attack appear to have been part of the Hive ransomware gang, which was recently the subject of a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the HHS. According to this advisory, the Hive ransomware gang has collected a total of $100 million in ransom fees from over 1,300 organizations. The advisory also notes that the gang maintains a dedicated leak site (DLS) where it publicizes its ransomware attacks and threatens to publish stolen files if victims don’t pay ransom fees.
Hive’s ransomware victim notice for LCMHS went up on its website back in October, followed by the public release of stolen files on November 15. Assuming these files are legitimate, we have to wonder why LCMHS didn’t publish a notice until this week. Threat actors have had over a month to download the stolen data and abuse it for ill-ends while the healthcare system’s patients were unaware of the breach. The notice states that LCMHS’ information security team first detected unusual network activity on October 21, then determined on October 25 that threat actors had gained unauthorized access to the network, so the healthcare system has been aware of the breach for two months.
The 269,752 affected individuals are a mix of LCMHS patients, business partners, and employees, including interns and residents. A review of the now publicly available documents reveals that they contain the following information and more:
Perhaps the only silver lining here is that the stolen patient records don’t appear to stretch any farther back than 2018, though the same can’t be said for the hospital’s operational documentation. LCMHS states that it has begun mailing letters to patients who may have been affected by the data breach. The healthcare system is also offering credit monitoring and identity theft protection services to those whose Social Security numbers may have been exposed. Anyone who may have been affected by this breach, regardless of whether they receive this offer or not, should be extra wary of phishing attempts and consider implementing free identity-theft protection measures such as credit freezes.
The 269,752 affected individuals are a mix of LCMHS patients, business partners, and employees, including interns and residents. A review of the now publicly available documents reveals that they contain the following information and more:
- Names
- Genders
- Ages
- Patient IDs
- Social Security numbers
- Home addresses
- Phone numbers
- Email addresses
- Credit card credentials and payments
- Bank statements
- Insurance policy information
- Detailed medical records
