This past October, during a ransomware assault on a healthcare facility in southwest Louisiana, hackers collected and exposed the personal information of approximately 270,000 patients and workers. A ransomware organization known as the Hive has claimed responsibility for the incident.
Hive and other ransomware groups are increasingly targeting organizations, stealing data before locking down systems to demand higher ransom payments. In some cases, ransomware authors have used stolen information to contact patients personally and threaten to reveal their medical records unless they pay the ransom.
According to spokeswoman Allison Livingston, the Lake Charles Memorial Health System stopped the hackers’ effort to encrypt its systems and avoided any disruptions to patient care. The healthcare provider’s security staff discovered the intrusion, Livingston explained.
According to a breach report by Lake Charles Memorial Health System (LCMHS ), hackers gained unauthorized access to hospital networks on October 20 and 21. The stolen information includes patients’ names, addresses, birthdays, medical records, identification numbers, health insurance information, payment information, and clinical information, such as care provided. For some patients, the incident also compromised some social security numbers.
The health organization claimed to have identified the incident on October 25 and began collaborating with cybersecurity professionals immediately. In addition, the hospital reported the cybersecurity attack to the authorities.
Experts claim that small hospitals frequently lack stable financing and staff to safeguard their computer networks. As a result, volunteers occasionally attempt to fill the gap.
Attacks using ransomware pose a risk to patient security. According to a report by the Department of Homeland Security’s cybersecurity office, a ransomware assault on a hospital that is already under stress might result in “lower capacity and worsening health outcomes.”