The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Gang Ups the Ante by Publishing Naked Images of Patients

Posted By on Mar 9, 2023

In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were stolen in one of its attacks on a healthcare organization in an attempt to pressure the victim into paying the ransom. Lehigh Valley Health Network (LVHN) recently announced that it was dealing with a ransomware attack that was detected on February 6, 2023. LVHN confirmed that the BlackCat ransomware group was behind the attack and had issued a ransom demand, payment of which would see the decryption keys provided and would prevent the release of data stolen in the attack. Brian A. Nester, LVHN President and CEO, confirmed that LVHN refused to pay the ransom and operations were unaffected.

Nester said the attack was on the network supporting a physician practice in Lackawanna County and the computer system involved stored clinically appropriate patient images for radiation oncology treatment and other sensitive patient information. “Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” said Nester.

In an attempt to pressure LVHN into paying the ransom, BlackCat started leaking some of the stolen data on its data leak site. While data leaks are now common when victims of ransomware attacks refuse to pay the ransom, BlackCat took matters a step further and published patient images stolen in the attack. Images of three breast cancer patients, naked from the waist up, were published on the data leak site along with screenshots of patient data showing diagnoses. “This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” said LVHN spokesperson, Brian Downs.

The HHS recently issued a security advisory about the Blackcat ransomware group which actively targets organizations in the healthcare and public health sector and warned that the group engages in aggressive triple extortion tactics. While many ransomware groups use double extortion involving data theft and threats to release stolen data in addition to file encryption, BlackCat uses a third tactic – threatening to conduct Distributed Denial of Service Attacks (DDoS) on victims until they pay up.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

BlackCat is not the only ransomware gang to try new tactics to get victims to pay up. The Medusa ransomware gang recently attacked the Minneapolis Public Schools (MPS) District, stole sensitive data, then encrypted files. When payment was not made, MPS was added to the group’s data leak site and a threat was issued to publish the entire trove of data stolen in the attack. The group issued a ransom demand of $1 million, with the data leak site also offering the stolen data to anyone willing to pay the same amount. In a novel twist, the group also published a video showing the data stolen in the attack. The video, which is 51 minutes long, was added as proof of the extent of the data exfiltrated from MPS’s systems.

Ransomware gangs have had to adopt more aggressive tactics as fewer victims are paying ransom demands. According to Coveware, in Q4, 2022, only 37% of victims paid a ransom following a ransomware attack, compared to 76% of victims in 2019. Coveware says several factors are driving the reduction in the profitability of ransomware attacks. Greater investment in security and incident response planning means organizations are better prepared for attacks and are less likely to suffer a material impact from a successful attack. The FBI and other law enforcement agencies are still pursuing the perpetrators of these attacks, but they are also now putting more resources into helping victims recover. Coveware also points out that as revenues fall, operating costs to carry out attacks increase, which means fewer ransomware actors can make a living from distributing ransomware and even large ransomware groups are feeling the effect, hence the need to adopt new tactics to pressure victims into paying up and improve the profitability of attacks.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist