Fraud Management & Cybercrime , Healthcare , Industry Specific

BlackCat Leaking Patient Data and Photos Stolen in Attack

Russia-Linked RaaS Group Attacked Pennsylvania Healthcare Group Last Month
BlackCat Leaking Patient Data and Photos Stolen in Attack
Image: Shutterstock

Russian-speaking ransomware gang BlackCat is leaking data stolen from a Pennsylvania-based healthcare group, including photos of breast cancer patients.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

On Saturday, the ransomware group posted on its dark leak site a message taunting Lehigh Valley Health Network. "We have been in your network a long time and have had time to study your business," the group wrote. "We have stolen you confidential information and are ready to publish it."

Images posted by the criminal gang include screenshots of patient diagnoses of a handful of patients and pictures of breast cancer patients disrobed from the waist up.

"This is the first time I can recall photos purportedly of patients being prominently displayed on a leak site, and the escalation may be due to the fact that fewer victims are now paying," says Brett Callow, threat analyst at security firm Emsisoft.

Security researchers have concluded that the rate of ransomware attacks appears to have remained constant over the past three years, but fewer victims are willing to pay extortion demands (see: Ransomware Profits Dip as Fewer Victims Pay Extortion).

"As the criminals find it harder and harder to monetize attacks, their tactics will inevitably become more and more extreme," Callow says.

Brian Nester, president and CEO of Lehigh Valley Health Network, which operates 13 hospitals and numerous clinics and physician practices in eastern Pennsylvania, on Feb. 22 acknowledged the attack by BlackCat in a public statement.

Nester said the organization's initial analysis shows that the incident involved a computer system "used for clinically appropriate patient images for radiation oncology treatment and other sensitive information" (see: Pennsylvania Health System CEO Confirms BlackCat Attack).

BlackCat demanded a ransom payment, but LVHN refused to pay, Nester said in the statement.

On Feb. 6, LVHN's IT team detected unauthorized activity within its IT system, Nester said. As of his Feb. 22 statement, the incident had not caused any disruption to the healthcare organization's systems.

"Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County," Nester said.

Lehigh Valley Health Network did not immediately respond to Information Security Media Group's request on Monday for comment.

Escalating Threat

These latest BlackCat incidents come on the heels of a January alert by the U.S. Department of Health and Human Services warning healthcare sector about growing threats involving BlackCat (see: BlackCat, Royal Among Most Worrisome Threats to Healthcare).

The BlackCat ransomware-as-a-service group has demanded ransom payments as high as $1.5 million, and affiliates keep 80% to 90% of the extortion payments.

Electronic health records vendor NextGen Health and pharmacy management services firm PharmaCare Services were also purportedly among recent healthcare sector victims listed on BlackCat's leak data site (see: 2 Vendors Among BlackCat's Alleged Recent Ransomware Victims).

As ransomware and other cybercriminal groups such as BlackCat continue to target healthcare sector entities, it is critical for organizations to heighten their defenses, says Frank Catucci, chief technology officer and head of research at security firm Invicti Security.

"Keep systems scanned, patched and updated as much as possible. Possibly even segregate any systems or networks with potentially sensitive data and enable multifactor authentication whenever possible," he says.

"Anytime a criminal can use an additional pressure tactic or angle to extort money, they will likely take advantage of that."

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.