Hackers accessed the personal data of about 270,000 patients in an attempted ransomware attack on the Louisiana health system in October, a system spokesperson told CNN Wednesday.
The Lake Charles Memorial Health System, which includes a 314-bed hospital, thwarted an attempt by hackers to encrypt its computers, preventing interruptions to patient care, spokeswoman Alison Livingston said. The health care provider’s own security team detected the hack, Livingston said in an email.
The hack came to light recently as the hospital’s network notified patients that their data had been compromised. This includes a patient’s health insurance information, medical record numbers, and in “limited cases” social security numbers, according to the health system.
It’s the latest in a series of ransomware attacks that have continued to attack U.S. medical institutions, often short on cybersecurity resources, for nearly three years during the Covid-19 pandemic.
A ransomware gang known as the Hive was responsible for hacking the Lake Charles Memorial, a dark website designed to extort victims, and dumping data purporting to belong to the healthcare system.
As of November, Hive ransomware had been used to extort approximately $100 million from over 1,300 companies worldwide, many of them in the healthcare sector. The FBI and other federal agencies have warned.
Allan Liska, Senior Threat Intelligence at cybersecurity firm Recorded Future, said: CNN.
Ransomware gangs such as Hive are increasingly stealing data from victim organizations before locking down computers in an attempt to gain leverage in ransom negotiations. Some ransomware operators have “exploited stolen data to contact patients directly and demand payment by threatening to release patient records,” Liska said.
The Lake Charles Memorial said its operations were not affected by the hack, but operations of other major U.S. and Canadian health care providers were disrupted this holiday season.
SickKids, one of Canada’s largest children’s hospitals, said it could take weeks to fully restore its computer systems following a recent ransomware attack. A gradual recovery means “some patients and families may still experience delays in diagnosis and/or treatment,” the hospital said in a statement.
Meanwhile, a network of three hospitals in Brooklyn, New York, had to work without paper charts for weeks after computer systems were attacked in late November, hospital groups said. The CEO told CNN.
Healthcare executives have become more aware of the threat of hacking in recent years, and a cottage industry of cybersecurity experts and consultancies has focused on improving defenses in this area.
However, experts say, especially in smaller hospitals, they often lack the consistent funding and personnel to secure their computer networks. Sometimes volunteers try to fill that void. Early in the pandemic, a group of cybersecurity experts worked night shifts to protect medical institutions from hacking.
Ransomware attacks can threaten patient safety. Ransomware attacks on hospitals, already strained by the Covid-19 pandemic and other crises, could lead to “disabling capacity and poor health,” according to a study by the Department of Homeland Security’s cybersecurity agency. there is.