According to a spokesman for Lehigh Valley Health Network, more patient images have been leaked and are currently available on the dark web.
The Russian ransomware group BlackCat, according to Brian Downs, has exposed “more sensitive information” regarding patients on the dark web. The health network said Tuesday that at least three images of cancer patients getting chemotherapy treatments and seven papers containing patient information were placed online after discovering “unauthorized activity” on its IT systems in early February.
Now, an unknown number of additional photographs and private information have been uploaded online.
Downs said in a statement, “We are analyzing precisely what material has been released as we simultaneously continue to evaluate the content involved.
According to Downs, the network is evaluating the scale of the data leak in collaboration with “top cybersecurity organizations and experts” and will notify anyone whose information has been uploaded.
We anticipate that this despicable strategy will persist, Downs added. As we’ve already stated, this heinous conduct was committed by cybercriminals looking to profit by exploiting our patients and the coworkers who care for them. We condemn this heinous exploitation.
In a recent article, the New York Times reported that the U.S. Department of Justice is investigating whether the Obama administration violated the law by failing to prosecute a former employee for a criminal offense.
The health network has so far refused to pay the ransom requested by hackers in exchange for keeping the data confidential.
Callow said that by refusing to pay the ransom, the health network is acting morally. Even if the ransom is paid, the hackers could still publish the patient data, he claimed, and paying ransoms just serves to inspire future assaults.
Ransomware assaults only take place because they’re profitable, according to Callow. “There would be no more ransomware attacks if no organizations paid,”
BlackCat is “a relatively new but highly potent ransomware threat to the health sector,” according to a briefing from the U.S. Department of Health and Human Services on Jan. 12. A form of malicious software known as ransomware is used to either steal or prevent access to personal data unless a ransom is paid.
BlackCat was described by HHS as a “triple-extortion” organization that demanded money while threatening to release information and use DoS attacks to take down websites.
This is not the first cyberattack that has targeted LVHN. Some Lehigh Valley Health Network patients’ private information was taken in 2021 as a result of a hack of a popular third-party file transfer service.
A costly and growing issue is ransomware. The average cost of a ransomware breach last year was $4.54 million, not considering the price of the ransoms. According to IBM, data breach expenses grew 13% from 2020 to 2022. The cost of a healthcare breach was the highest last year, averaging $10.1 million.