BlackCat ransomware gang posts nude cancer patient photos, information on dark web; hospital refuses to pay
Ransomware gang BlackCat continues posting nude breast cancer patient photos and other sensitive information on the dark web, the Morning Call reported Friday.
“We expect this shameful tactic to continue,” Lehigh Valley Health Network representative Brian Downs told the the outlet.
At least three photos of cancer patients receiving treatment and seven documents containing patient information have been posted, according to Lehigh Valley Live.
“This despicable act is executed by cyber criminals trying to make money by taking advantage of our patients and colleagues caring for patients and we condemn this reprehensible exploitation.”
“Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” Lehigh Valley Health Network president and CEO Brian Nester said in a statement.
“We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible.”
What is BlackCat?
BlackCat is a Russia-tied hacker group, the Washington Times reported.
BlackCat, also known as ALPHV or Noberus, is a relatively new ransomware variant in operation since November 2021, according to the U.S. Department of Health and Human Services‘ Office of Information Security and Health Sector Cybersecurity Coordination Center.
HHS describes it as “one of the most sophisticated ransomware-as-a-service (RaaS) operations in the global cybercriminal ecosystem.”
BlackCat is known to target both healthcare-related and non healthcare-related enterprises.
Why is the hospital refusing to pay the ransom?
BlackCat demanded a ransom, which LVHN has refused to pay.
“Just because you pay it, doesn’t necessarily mean you will get the data back,” cyber security expert Scott Huxley told WFMZ.
“And in many cases, they are still sharing that information, even though they were paid.”
When did this happen?
LVHN detected unauthorized activity within their system on February 6, according to their statement posted February 22. They “immediately launched an investigation, engaged leading cybersecurity firms and experts, and notified law enforcement.”
Since then, patient photos and data began appearing on the dark web.
Additional patient photos have now been posted, the Morning Call reported Friday, and hospital spokesperson Brian Downs told the outlet he expects the leaks will continue.
Where did BlackCat gain access?
The incident involved a “computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive systems,” according to LVHN’s statement.
LVHN says the attack was on the network supporting one physician practice in Lackawanna County, in northeastern Pennsylvania.
What is the dark web?
The dark web is “the hidden collective of internet sites only accessible by a specialized web browser,” cyber security experts at Kaspersky explains.
“It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications.”
Layers of the dark web that contribute to its anonymity include lack of webpage indexing, “virtual traffic tunnels,” and its inaccessibility via standard web browsers.