SALISBURY TWP., Pa. — Lehigh Valley Health Network said Monday it was the target of a cybersecurity attack by a ransomware gang known as BlackCat, which has been associated with Russia.
"As of today, the attack has not disrupted LVHN’s operations," said Dr. Brian Nester, the health network's president and CEO.
"Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County," said Nester. "We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical."
- Lehigh Valley Health Network was targeted by a ransomware gang known as BlackCat
- LVHN said it detected the unauthorized activity on Feb. 6
- BlackCat demanded a ransom payment, but LVHN says it won't pay and the attack has not disrupted operations
LVHN said it detected unauthorized activity within its IT system on Feb. 6. The technology team immediately launched an investigation, engaged cybersecurity experts and notified law enforcement.
By Monday morning, it was continuing to work with experts to investigate the scope of the incident but said the health network continues to operate normally.
"Although our investigation is ongoing, as of today, our initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information," Nester said.
"BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and health care sectors.
"BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise"Dr. Brian Nester, LVHN President & CEO
"We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible. Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident."
In various news outlets, BlackCat has been described as a prevalent threat and is responsible for attacks on health care groups, businesses, social service organizations and more.
According to Microsoft, BlackCat ransomware, also known as ALPHV, is often used for "double extortion" where attackers encrypt stolen data and then threaten to release it to the public if the ransom isn't paid.
In January, the Department of Health and Human Services said the U.S. health care and public health sectors continues to be aggressively targeted by ransomware operators, naming Royal and BlackCat as two of the most recent sophisticated ransomware threats.
It said BlackCat was first detected in November 2021 and compromised at least 60 victims in four months, with its targeting focused on the U.S. healthcare industry.
According to the FBI, the group said it does not attack state medical institutions, ambulances or hospitals, but this rule does not apply to pharmaceutical companies or private clinics.
"The FBI does not encourage paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities," the FBI said in an online memo while encouraging organizations to promptly report ransomware incidents to their local FBI field office.