A Russian hacker network has posted nude photos of cancer patients they stole from a hospital network after they refused to pay a ransom.
Lehigh Valley Health Network, a Pennsylvania-based consortium of 13 hospitals and 28 health centers, said the hackers’ actions were an “undesirable criminal act.”
The footage was obtained by a group known as ALPHV, nicknamed BlackCat – a group also believed to be behind a September hack of Italy’s state energy company.
On Feb. 6, the healthcare company said they found unauthorized activity on their computer networks and alerted police.
A month later, the hackers issued a statement saying they had “been in your network for a long time” and had access to patient passports, questionnaires, personal data and “nude photos.”
Lehigh Valley Health Network operates 13 hospitals and 28 health centers. They noticed unusual activity on their computers in early February
The hackers have published this ransom note online
The healthcare company said the stolen information included three screenshots, described as “clinically appropriate” photos of cancer patients undergoing radiotherapy.
There were also seven patient information documents, Lehigh Valley live reported.
The data was published on the dark web when the hospital refused to pay the hackers.
“Our blog is followed by many world media, the case will get a lot of publicity and will cause significant damage to your business,” the hackers said.
‘Your time is running out. We are ready to unleash our full power upon you.”
It was unclear how much money the hackers wanted.
The US Department of Health and Human Services said in January that BlackCat has demanded ransoms of up to $1.5 million.
The Allentown, Pennsylvania-based company said publishing the patient data was “despicable.”
“This unscrupulous criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” the company said.
Brian Nester, the CEO of the healthcare company, said they were still identifying information involved in the incident.
“We will provide appropriate notices to those whose information was involved,” the company statement said.
Brian Nester, the CEO of Lehigh Valley Health Network
Lehigh Valley operates a range of hospitals throughout Pennsylvania
Russian hackers have become increasingly brazen, launching attacks against global banks, Britain’s Royal Mail and US infrastructure.
An ambitious and comprehensive White House on March 2 cyber security A plan was released, calling for strengthening the protection of critical industries and holding software companies legally accountable when their products fail to meet basic standards.
The strategy paper promises to use “all instruments of national power” to prevent cyber attacks.
The Democratic administration also said it would work to impose “robust and clear limits” on private sector data collection, including geolocation and health information.
“We have a long way to go before every American feels confident that cyberspace is safe for them,” said Kemba Walden, acting national cyber director.
“We expect school districts to be largely self-confronted with transnational criminal organizations. This is not only unfair. It’s not effective.’
The strategy largely codifies the work already underway over the past two years following a spate of high-profile ransomware attacks against critical infrastructure.
An attack in 2021 on a large fuel line caused panic at the pump, resulting in a fuel shortage on the east coastAnd other malicious attacks made cybersecurity a national priority. Russian invasion of Ukraine exacerbated those concerns.
The 35-page document lays the foundation for better combating growing threats to government agencies, the private sector, schools, hospitals and other vital infrastructure that is routinely breached.
In recent weeks, the FBI, US Marshals Service And dish network were among the victims of the burglary.
The defense barely wins. Every few weeks, someone gets horribly hacked,” said Edward Amoroso, CEO of cybersecurity firm TAG Cyber.