A network of Russian hackers has posted online photos of naked cancer patients they stole from a network of hospitals, after they refused to pay a ransom.
Lehigh Valley Health Network, a Pennsylvania-based consortium of 13 hospitals and 28 healthcare facilities, said the hackers’ actions were an “unconscionable criminal act.”
The images were obtained by a group known as ALPHV, nicknamed BlackCat, a group also believed to be behind a September hack of Italy’s state-owned energy company.
On February 6, the health care company said it found unauthorized activity on its computer networks and alerted law enforcement.
A month later, the hackers released a statement saying they had “been on their network for a long time” and had accessed patient passports, questionnaires, personal data and “nude photos.”
Lehigh Valley Health Network operates 13 hospitals and 28 health care centers. They noticed unusual activity on their computers in early February.
Hackers posted this ransom note online.
The health care company said the stolen information includes three screenshots, described as “clinically appropriate” photographs of cancer patients receiving radiation oncology treatment.
There were also seven documents containing patient information, Lehigh Valley Live informed.
The data was published on the dark web when the hospital refused to pay the hackers.
“Our blog is followed by a large number of global media outlets, the case will be widely publicized and will cause significant damage to your business,” the hackers said.
‘You’re running out of time. We are ready to unleash our full power on you.
It was unclear how much money the hackers wanted.
The US Department of Health and Human Services said in January that BlackCat has demanded ransoms of up to $1.5 million.
The Allentown, Pennsylvania-based company said releasing patient data was “despicable.”
“This wanton criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” the company said.
Brian Nester, chief executive of the health care company, said they were still identifying information related to the incident.
“We will provide notices as necessary to those whose information was involved,” the company statement said.
Brian Nester, CEO of Lehigh Valley Health Network
Russian hackers have grown ever bolder, launching attacks against global banks, Britain’s Royal Mail and US infrastructure.
On March 2, an ambitious and far-reaching White House cyber security The plan was released, calling for beefing up protections in critical sectors and holding software companies legally accountable when their products fail to meet basic standards.
The strategy document promises to use ‘all instruments of national power’ to prevent cyber attacks.
The Democratic administration also said it would work to “impose strong and clear limits” on private sector data collection, including geolocation and health information.
“We still have a long way to go before all Americans feel confident that cyberspace is safe for them,” said Kemba Walden, acting national cyber director.
“We expect school districts to come to grips with transnational criminal organizations largely on their own. This is not just unfair. It is ineffective.
The strategy largely codifies work already being done over the past two years following a series of high-profile ransomware attacks on critical infrastructure.
A 2021 attack on a fuel main line caused a panic at the bomb, resulting in a fuel shortage on the east coastand other damaging attacks made cybersecurity a national priority. Russia’s invasion of Ukraine compounded those concerns.
The 35-page document lays the groundwork to better counter growing threats to government agencies, private industry, schools, hospitals, and other vital infrastructure that are routinely breached.
In recent weeks, the FBI, US Marshals Service and net dish They were among the victims of the intrusion.
‘The defense is hardly winning. Every few weeks someone gets horribly hacked,” said Edward Amoroso, chief executive of cybersecurity firm TAG Cyber.