Jump to content
  • Ransomware attack at Louisiana hospital impacts 270,000 patients

    alf9872000

    • 418 views
    • 3 minutes
     Share


    • 418 views
    • 3 minutes

    The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers.

     

    LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women's hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens.

     

    According to the announcement posted on the LCMHS site, the cybersecurity incident occurred on October 21, 2022, when the organization's security team detected unusual activity on the computer network.

     

    An internal investigation concluded on October 25, 2022 revealed that hackers had gained unauthorized access to LCMHS' network and then stole sensitive files.

     

    These files contained patient information such as:

     

    • Full names
    • Physical addresses
    • Dates of birth
    • Medical records
    • Patient identification numbers
    • Health insurance information
    • Payment information
    • Limited clinical information regarding the received care
    • Social Security numbers (in some cases)

     

    LCMHS' announcement clarifies that its electronic medical records were out of reach for the network intruders.

     

    "Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident," reads the notification.

     

    "We are offering individuals whose Social Security number may have been included with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive." - LCMHS
     

    LCMHS reported the incident to the secretary of the U.S. Department of Health and Human Services (HHS). The portal for healthcare related breaches now reports that 269,752 individuals have been impacted by the incident.

    Hive ransomware claims the attack

    The Hive ransomware group listed LCMHS on its data leak site on November 15, 2022, a step that typically comes after failed negotiations for paying a ransom.

     

    Interestingly, the hackers claim that the encryption took place on October 25, 2022, four days after LCMHS reported the first detection of the network intrusion.

     

    hive.png

    LCMHS breach published on Hive ransomware data leak site
    source: BleepingComputer

     

    Hive has also published the files allegedly stolen after breaching LCMHS systems.

     

    The listed files include bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more. BleepingComputer could not confirm if these files are authentic or not.

     

    If you have received care on LCMHS in the past, it is recommended to stay vigilant for incoming communications asking you to give away personal information and payment data.

     

    Also, you should monitor your bank statements and report any suspicious transactions to your bank immediately.

     

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...