LVHN: More patient photos on dark web
Network officials expect leaks to continue after ransomware attack
More Lehigh Valley Health Network patient photos have been posted on the dark web, a spokesperson said, and they expect more leaks in the future.
Brian Downs said that the Russian ransomware gang BlackCat has posted “additional sensitive information” about patients on the dark web. The health network detected “unauthorized activity” on its IT systems in early February, and confirmed Tuesday that at least three photos of cancer patients receiving oncology treatments and seven documents with patient information were posted online.
Now, an unknown additional number of photos and sensitive data has been posted online.
“We are evaluating exactly what information has been posted as we simultaneously continue to analyze the content involved,” Downs said in a statement.
The network is working with “leading cybersecurity firms and experts” to evaluate the scope of leaked data, Downs said, and will will notify anyone who’s information has been posted.
“We expect this shameful tactic to continue,” Downs said. “As we’ve previously said, this despicable act is executed by cyber criminals trying to make money by taking advantage of our patients and colleagues caring for patients and we condemn this reprehensible exploitation.”
According to Brett Callow, a threat analyst with anti-virus software company Emsisoft who monitors cybersecurity threats, BlackCat uploaded a 132-gigabyte file of what hackers say is more patient data and photos, and threatened to leak more weekly until a ransom is paid.
Hackers have demanded a ransom payment from the health network in exchange for keeping the data private, which LVHN has thus far refused to pay.
Callow said the health network is doing the right thing by refusing to pay the ransom. The hackers could post the patient information anyway even if the ransom is paid, and paying ransoms only further encourages ransomware attacks, he said.
“Ransomware attacks happen for one reason and one reason only: they’re profitable,” Callow said. “If no organizations paid, there would be no more ransomware attacks.”
BlackCat is “a relatively new but highly capable ransomware threat to the health sector,” according to a U.S. Department of Health and Human Services briefing Jan. 12. Ransomware is a type of malicious software used to steal personal information or block access to it unless a ransom is paid.
HHS called BlackCat a “triple-extortion” group that has threatened to leak data and conduct denial-of-service attacks intended to knock websites offline while demanding payment.
This is not the first time LVHN has been the subject of a cyberattack. In 2021, personal information belonging to some Lehigh Valley Health Network patients was stolen when a widely used third-party file transfer service was hacked.
Ransomware is a growing, costly problem. According to IBM, data breach costs increased 13% from 2020 to 2022, and the average cost of a ransomware breach was $4.54 million last year — not including the cost of the ransoms themselves. Health care breach costs have been the most expensive, reaching an average $10.1 million last year.