The Lake Charles Memorial Health System (LCMHS) is notifying almost 270,000 patients who have received care at one of its medical facilities about a data breach from October.
The ransomware attack stole patient names, addresses, dates of birth, payment information, and, in some cases, Social Security numbers, as per a Gizmodo report.
An Investigation Reveals Some Details About The Attack
The cybersecurity breach, according to the post published on the LCMHS website, happened on October 21 when the company's security staff discovered unusual activity on the computer network.
Later on, an internal investigation that was completed on October 25 found that hackers had acquired illegal access to the LCMHS network before stealing private documents.
This comprises patient health insurance details, medical record numbers, and, in some instances, Social Security numbers.
Despite this, the LCMHS release makes it clear that the network invaders couldn't access the organization's computerized medical records.
Additionally, the hospital system claims on its notice that it has already been contacting patients whose information may have been involved in the incident via email since December 23.
Moreover, LCMHS has reportedly informed the US Department of Health and Human Services secretary about the event, according to Bleeping Computer.
With a 314-bed hospital, a 54-bed women's hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured patients, LCMHS is the largest medical complex in Lake Charles, Louisiana.
Because of how big the system is, it is susceptible to widespread ransomware attacks that hackers can exploit to get millions of dollars by selling patients' sensitive private information.
According to the portal for healthcare-related breaches, the problem has already affected 269,752 people as of writing.
It is advised to be on the lookout for incoming emails asking to share personal information and payment data, the LCMHS warns.
Read More: Wisconsin, Illinois Healthcare System Breach Impacts 3 Million Patients
The Hive Ransomware Group Takes Accountability For The Attack
Ransomware group known as Hive claimed credit for hacking the Lake Charles Memorial system on their dark website to extort victims.
On November 15, the Hive ransomware organization published LCMHS on its data breach website, a move that generally occurs following unsuccessful attempts to negotiate the payment of a ransom.
It is interesting to note that according to the hackers, the encryption happened on October 25, four days after LCMHS reported the first indication of a network attack.
Additionally, Hive has made public the files that were allegedly taken from the LCMHS systems, including bills of materials, cards, contracts, medical information, paperwork, medical records, scans, residents, and more.
Over 1,300 firms around the world, many of them in the healthcare industry, had paid about $100 million in ransom to the Hive ransomware as of November, CNN Politics writes.
Even though Lake Charles Memorial claimed that the attack did not affect its commercial operations, this holiday season has seen disruptions at several major US and Canadian healthcare organizations.
One of Canada's biggest children's hospitals, SickKids, even warned that weeks might be needed to properly recover its computer systems after a recent ransomware attack.
Because of this, healthcare industry executives are considerably more aware of hacking concerns now.
Additionally, a cottage industry of cybersecurity experts and consultancies has committed their focus on strengthening the sector's defenses.
Related Article: French Hospital Stops Operations, Transfers Patients Due To Ransomware Attack