Ransomware attack at Louisiana hospital impacts 270,000 patients

Ransomware attack at Louisiana hospital impacts 270,000 patients

The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers.

LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women’s hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens.

According to the announcement posted on the LCMHS site, the cybersecurity incident occurred on October 21, 2022, when the organization’s security team detected unusual activity on the computer network.

An internal investigation concluded on October 25, 2022 revealed that hackers had gained unauthorized access to LCMHS’ network and then stole sensitive files.

These files contained patient information such as:

  • Full names
  • Physical addresses
  • Dates of birth
  • Medical records
  • Patient identification numbers
  • Health insurance information
  • Payment information
  • Limited clinical information regarding the received care
  • Social Security numbers (in some cases)

LCMHS’ announcement clarifies that its electronic medical records were out of reach for the network intruders.

“Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident,” reads the notification.

“We are offering individuals whose Social Security number may have been included with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.” – LCMHS

LCMHS reported the incident to the secretary of the U.S. Department of Health and Human Services (HHS). The portal for healthcare related breaches now reports that 269,752 individuals have been impacted by the incident.

Hive ransomware claims the attack

The Hive ransomware group listed LCMHS on its data leak site on November 15, 2022, a step that typically comes after failed negotiations for paying a ransom.

Interestingly, the hackers claim that the encryption took place on October 25, 2022, four days after LCMHS reported the first detection of the network intrusion.

Hive lists LCMHS on its Tor site
LCMHS breach published on Hive ransomware data leak site
source: BleepingComputer

Hive has also published the files allegedly stolen after breaching LCMHS systems.

The listed files include bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more. BleepingComputer could not confirm if these files are authentic or not.

If you have received care on LCMHS in the past, it is recommended to stay vigilant for incoming communications asking you to give away personal information and payment data.

Also, you should monitor your bank statements and report any suspicious transactions to your bank immediately.


Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn