Patient names, addresses, dates of birth, payment information and, in some cases, Social Security numbers were swiped in the ransomware attack.
The only thing scarier than America’s privatized healthcare system is America’s privatized healthcare system getting hacked. Well, I have bad news—Lake Charles Memorial Health System in Louisiana has been the subject of a ransomware attack, potentially affecting hundreds of thousands of patients.
Lake Charles Memorial Health System is a hospital network located in Southern Louisiana that is home to six medical facilities with over 400 beds to provide care to the residents of the state. The hospital system announced recently that it was the subject of a ransomware attack this past October, and has begun the process of notifying those involved—a breach report from the U.S. Department of Health and Human Services estimates that 269,752 individuals were affected.
“On October 21, 2022, LCMHS’s information security team detected unusual activity involving our computer network. We took immediate action to contain the activity and investigate its cause. On October 25, 2022, we learned that an unauthorized third party gained access to our network,” the hospital system wrote in a statement published on its website. “The investigation determined that the unauthorized access to our computer network occurred between October 20 and October 21, 2022, during which time the unauthorized third party accessed or obtained certain files from our systems.”
LCMHS suggests that some of the data that may have been obtained include patient names, addresses, dates of birth, medical record/patient ID numbers, health insurance information, payment information, and information on patient care in the system. In some cases, Social Security numbers were also swiped.
According to Bleeping Computer, a hacker group known as Hive allegedly listed LCMHS as a target on the group’s website in November 2022 while claiming the hack took place on October 25, not October 21 as the hospital claimed. Hive is no stranger to ransomware, as TechCrunch reported last month that the group has extorted nearly $100 million from 1,300 victims since it was first observed in action in June 2021.
– Gizmodo