A Russian hacker network has published online naked photos of cancer patients which they stole from a hospital network, after they refused to pay a ransom.
Lehigh Valley Health Network, a Pennsylvania-based consortium of 13 hospitals and 28 health care centers, said the hackers’ actions were an ‘unconscionable criminal act’.
The images were obtained by a group known as ALPHV, nicknamed BlackCat – a group that is also believed to be behind a September hack of Italy’s state-owned energy company.
On February 6 the healthcare company said they found unauthorized activity on their computer networks, and alerted law enforcement.
A month later, the hackers issued a statement saying they had ‘been in your network for a long time’, and had accessed patient passports, questionnaires, personal data and ‘nude photos’.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
Lehigh Valley Health Network runs 13 hospitals and 28 health care centers. They noticed unusual activity on their computers in early February
The hackers published this ransom note online
The healthcare company said the stolen information includes three screenshots, described as ‘clinically appropriate’ photographs of cancer patients receiving radiation oncology treatment.
There were also seven documents containing patient information, Lehigh Valley Live reported.
The data was published on the dark web when the hospital refused to pay the hackers.
‘Our blog is followed by a lot of world media, the case will be widely publicized, and will cause significant damage to your business,’ the hackers said.
‘Your time is running out. We are ready to unleash our full power on you.’
It was unclear how much money the hackers wanted.
The U.S. Department of Health and Human services said in January that BlackCat has demanded ransoms as high as $1.5 million.
The Allentown, Pennsylvania-based company said that publishing the patient data was ‘despicable’.
‘This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,’ the company said.
Brian Nester, the CEO of the healthcare company, said they were still identifying information involved in the incident.
‘We will provide notices as required to those whose information was involved,’ the company statement said.
Brian Nester, the CEO of Lehigh Valley Health Network
Lehigh Valley operates a series of hospitals across Pennsylvania
Russian hackers have become increasingly bold, launching attacks on global banks, Britain’s Royal Mail and U.S. infrastructure.
On March 2, an ambitious and wide-ranging White House cybersecurity plan was released, calling for bolstering protections on critical sectors and making software companies legally liable when their products do not meet basic standards.
The strategy document promises to use ‘all instruments of national power’ to pre-empt cyberattacks.
The Democratic administration also said it would work to ‘impose robust and clear limits’ on private sector data collection, including of geolocation and health information.
‘We still have a long way to go before every American feels confident that cyberspace is safe for them,’ said Kemba Walden, acting national cyber director.
‘We expect school districts to go toe-to-toe with transnational criminal organizations largely by themselves. This isn’t just unfair. It’s ineffective.’
The strategy largely codifies work already underway during the last two years following a spate of high-profile ransomware attacks on critical infrastructure.
A 2021 attack on a major fuel pipeline caused panic at the pump, resulting in an East Coast fuel shortage, and other damaging attacks made cybersecurity a national priority. Russia’s invasion of Ukraine compounded those concerns.
The 35-page document lays the groundwork for better countering rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure that are routinely breached.
In the past few weeks, the FBI, U.S. Marshals Service and Dish Network were among the intrusion victims.
‘The defense is hardly winning. Every few weeks someone gets hacked terribly,’ said Edward Amoroso, CEO of the cybersecurity firm TAG Cyber.