LVHN: Images of cancer patients posted on dark web after cyberattack by ransomware gang
The attack was focused on a system used at a physician practice in Lackawanna County, Pennsylvania.
PHILADELPHIA (WPVI) -- The Lehigh Valley Health Network says stolen documents and images of cancer patients are now circulating on the dark web after a recent cyberattack.
Three photos of cancer patients receiving radiation oncology treatment, along with seven other documents containing patient information have been posted online, the health network confirms.
The leak follows a cyberattack that was discovered on February 6 by a ransomware gang called "BlackCat," which the health network previously said is associated with Russia.
At the time the attack was discovered, Lehigh Valley Health Network's president and CEO said they refused to pay up on a ransom that was demanded by the group.
SEE ALSO: Lehigh Valley Health Network says it was target of cyberattack by ransomware gang
Dr. Pablo Molina, the chief information security officer for Drexel University, says there is always a risk in paying a ransom demand.
"A very interesting dilemma is the following: we all know that if we pay a ransom they will use that money to in turn conduct more attacks. So it's not only that we're losing the money, but also we'll facilitate future attacks against some other organizations. Possibly our peers, possibly our clients or suppliers," said Molina.
The Lehigh Valley Health Network released a statement Tuesday saying, "This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior."
They also say while the investigation continues, as of Tuesday, the attack was focused on a system used at a physician practice in Lackawanna County, Pennsylvania.
It was just this past January when the Department of Health and Human Services put out a warning about the group, saying BlackCat is a relatively new but highly-capable ransomware threat to the health sector that was first detected in November 2021.
The group conducts triple extortion, and 47% of victims are in the U.S., according to HHS's January threat brief.
"This group, in particular, is unusual to some extent. They will go after hospitals because this is where the money is. And they will go after US hospitals because this is where a lot of money is, and they've been successful in the past," said Molina.
Lehigh Valley Health Network operates numerous health facilities across a portion of Pennsylvania.
