Ransomware Gang Ups the Ante by Publishing Naked Images of Patients
In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were stolen in one of its attacks on a healthcare organization in an attempt to pressure the victim into paying the ransom. Lehigh Valley Health Network (LVHN) recently announced that it was dealing with a ransomware attack that was detected on February 6, 2023. LVHN confirmed that the BlackCat ransomware group was behind the attack and had issued a ransom demand, payment of which would see the decryption keys provided and would prevent the release of data stolen in the attack. Brian A. Nester, LVHN President and CEO, confirmed that LVHN refused to pay the ransom and operations were unaffected.
Nester said the attack was on the network supporting a physician practice in Lackawanna County and the computer system involved stored clinically appropriate patient images for radiation oncology treatment and other sensitive patient information. “Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” said Nester.
In an attempt to pressure LVHN into paying the ransom, BlackCat started leaking some of the stolen data on its data leak site. While data leaks are now common when victims of ransomware attacks refuse to pay the ransom, BlackCat took matters a step further and published patient images stolen in the attack. Images of three breast cancer patients, naked from the waist up, were published on the data leak site along with screenshots of patient data showing diagnoses. “This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” said LVHN spokesperson, Brian Downs.
The HHS recently issued a security advisory about the Blackcat ransomware group which actively targets organizations in the healthcare and public health sector and warned that the group engages in aggressive triple extortion tactics. While many ransomware groups use double extortion involving data theft and threats to release stolen data in addition to file encryption, BlackCat uses a third tactic – threatening to conduct Distributed Denial of Service Attacks (DDoS) on victims until they pay up.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
BlackCat is not the only ransomware gang to try new tactics to get victims to pay up. The Medusa ransomware gang recently attacked the Minneapolis Public Schools (MPS) District, stole sensitive data, then encrypted files. When payment was not made, MPS was added to the group’s data leak site and a threat was issued to publish the entire trove of data stolen in the attack. The group issued a ransom demand of $1 million, with the data leak site also offering the stolen data to anyone willing to pay the same amount. In a novel twist, the group also published a video showing the data stolen in the attack. The video, which is 51 minutes long, was added as proof of the extent of the data exfiltrated from MPS’s systems.
Ransomware gangs have had to adopt more aggressive tactics as fewer victims are paying ransom demands. According to Coveware, in Q4, 2022, only 37% of victims paid a ransom following a ransomware attack, compared to 76% of victims in 2019. Coveware says several factors are driving the reduction in the profitability of ransomware attacks. Greater investment in security and incident response planning means organizations are better prepared for attacks and are less likely to suffer a material impact from a successful attack. The FBI and other law enforcement agencies are still pursuing the perpetrators of these attacks, but they are also now putting more resources into helping victims recover. Coveware also points out that as revenues fall, operating costs to carry out attacks increase, which means fewer ransomware actors can make a living from distributing ransomware and even large ransomware groups are feeling the effect, hence the need to adopt new tactics to pressure victims into paying up and improve the profitability of attacks.