A major health network says a ransomware group has leaked patient information on the dark web after a cyberattack last month.
Lehigh Valley Health Network said in a statement Tuesday that BlackCat, a ransomware group described as being associated with Russia, posted limited patient information on the dark web.
LVHN said this includes three screenshots that are clinically appropriate photographs of cancer patients receiving radiation oncology treatment at LVPG Delta Medix in Scranton. The stolen information also included seven documents containing patient information.
LVHN’s statement condemned the leak, which it called “despicable,” saying “this unconscionable criminal act takes advantage of patients receiving cancer treatment.”
The health network said the attack on the Delta Medix IT system has had “very limited impact” on other LVHN IT systems, and that it will notify individuals whose information was involved.
In February, LVHN said BlackCat conducted a cyberattack on a network supporting a physician’s practice in Lackawanna County.
LVHN’s President and CEO Brian Nester said at the time that the network first detected unauthorized activity within its IT system on Feb. 6, notified law enforcement and cybersecurity experts, and launched an investigation.
The initial analysis found that the incident involved sensitive information and patient images for radiation oncology treatment. BlackCat demanded a ransom payment, but LVHN refused to pay.
The network said the cyberattack did not disrupt LVHN’s operations.
(Original air-date: 3/7/23)