Pennsylvania-based Lehigh Valley Health Network (LVHN) is closely monitoring and bracing for further actions of a ransomware group called BlackCat, which has reportedly .
The health system first detected what it called "unauthorized activity ... by BlackCat, a ransomware gang associated with Russia," on its information technology systems at the beginning of . It confirmed last week that at least three photos of cancer patient receiving treatments, along with seven documents containing patient information, were , .
"We expect this shameful tactic to continue," LVHN said in an emailed statement.
Rather than paying off the attackers, LVHN said that it has been "working closely with leading cybersecurity firms and experts to analyze the scope of the exfiltrated data." Close monitoring of the group's activity has turned up additional sensitive information posted on the dark web.
"We are evaluating exactly what information has been posted as we simultaneously continue to analyze the content involved," LVHN added. "This is a complex and labor-intensive exercise and it is important we dedicate the necessary time to determine the information involved. We will provide notices as required to those whose information was involved."
LVHN is hardly alone.
Ransomware attacks on healthcare facilities ranging from hospitals to dental offices have "substantially increased in number and severity in recent years," reported at the end of last year, citing a cohort study .
In that study of HHS data, the annual number of ransomware attacks on healthcare facilities doubled from 43 in 2016 to 91 in 2021. The number of patients affected increased by more than 11-fold over that period as well, from approximately 1.3 million in 2016 to more than 16.5 million in 2021.
Since BlackCat was first detected in 2021, it has targeted U.S. entities, including healthcare facilities, and demanded ransoms as high as $1.5 million, noted a .
Brett Callow, a threat analyst with the anti-virus software company Emsisoft, told The Morning Call that LVHN is doing the right thing when it comes to refusing to pay ransom, noting that hackers could post patient information anyway, and that paying ransoms only encourages other attacks.
For its part, LVHN has condemned the actions of BlackCat, including the group's purported aim of profiting at the expense of patients.
"As we've previously said, this despicable act is executed by cyber criminals trying to make money by taking advantage of our patients and colleagues caring for patients," LVHN stated, "and we condemn this reprehensible exploitation."