LVHN reports a cyberattack
Ransomware gang known as BlackCat demanded ransom payment, but LVHN refused, CEO says
The Lehigh Valley Health Network has been the target of a cyberattack from a suspected Russian ransomware group.
In a statement issued Monday morning, LVHN President and
CEO Brian A. Nester said, “Lehigh Valley Health Network has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. As of today, the attack has not disrupted LVHN’s operations. Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”
BlackCat is “a relatively new but highly capable ransomware threat to the health sector,” according to a Department of Health and Human Services briefing dated Jan. 12. It’s not the first time U.S. authorities have issued warnings about the group, according to the Washington Post.
Ransomware is a type of malicious software, or malware, that threatens to publish personal information or personally block access to it unless a ransom is paid.
Nester said BlackCat demanded a ransom payment, which LVHN refused to pay.
“We understand that BlackCat has targeted other organizations in the academic and health care sectors,” Nester said in the statement. “We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible. Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident.”
Nester said LVHN detected unauthorized activity Feb. 6 within the network’s IT system.
“Our Technology team identified the unauthorized activity, and we immediately launched an investigation, engaged leading cybersecurity firms and experts, and notified law enforcement,”
Nester said in the statement. “We are continuing to work with our experts to investigate the scope of the incident and as of today, we continue to operate normally.
“Although our investigation is ongoing, as of today, our initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.”
HHS called BlackCat a “triple-extortion” group that was first detected in November 2021. According to the FBI, they compromised at least 60 victims in four months. The triple extortion includes ransomware attacks accompanied by threats to leak data and conduct denial-of-service attacks intended to knock websites offline.
It has ties to older, infamous Russian ransomware gangs, such as Darkside/ Black Matter and REvil, according to HHS.
BlackCat favors U.S. targets, according to HHS, which is not uncommon for ransomware gangs, many of which are believed to be based in Eastern Europe.
BlackCat claims “we do not attack state medical institutions, ambulances, hospitals. This rule does not apply to pharmaceutical companies, private clinics.” HHS notes that many “cybercriminal gangs have broken promises not to attack health care targets in the past.”
This is not the first time LVHN has been the subject of a cyberattack. In 2021, personal information belonging to some Lehigh Valley Health Network patients was stolen when a widely used third-party file transfer service was hacked.
Ransomware is a growing, and costly, problem. According to IBM, data breach costs increased 13% from 2020 to 2022, and the average cost of a ransomware breach was $4.54 million last year — not including the cost of the ransoms themselves. Health care breach costs have been the most expensive, reaching an average $10.10 million last year.