
Pennsylvania Health System CEO Confirms BlackCat Attack

Physician Practices Network Hit by Russian-Backed Group on Heels of National Alert

Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, says it has been hit with an attack by Russian-based ransomware-as-a-service group BlackCat.


Brian Nester, president and CEO of the network, in a statement provided to Information Security Media Group on Tuesday, says that the attack so far has not disrupted the health network's operations.

"Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical."

The group's IT team on Feb. 6 detected unauthorized activity within its IT system, Nester says. The organization immediately launched an investigation, engaged leading cybersecurity firms and notified law enforcement, he says. "We are continuing to work with our experts to investigate the scope of the incident, and as of today, we continue to operate normally."

LVHN's investigation is ongoing, but its initial analysis shows that the incident involved a computer system used for "clinically appropriate patient images for radiation oncology treatment and other sensitive information," he says.

"BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and healthcare sectors," Nester says.

"We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible," he adds. "Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident."

An LVHN spokesman declined ISMG's request for additional details about the BlackCat incident, including the amount of the ransom demanded.

Other Attacks

LVHN is among the latest alleged healthcare sector victims of BlackCat, which is also known as Alphv.

Last month, electronic health records vendor NextGen Health and pharmacy management services firm PharmaCare Services were purportedly among healthcare sector victims listed on BlackCat's leak data site (see: 2 Vendors Among BlackCat's Alleged Recent Ransomware Victims).

These latest BlackCat incidents come on the heels of a recent U.S. Department of Health and Human Services warning to the healthcare sector about threats involving the cybercrime group (see: BlackCat, Royal Among Most Worrisome Threats to Healthcare).

The BlackCat ransomware-as-a-service group has demanded ransom payments as high as $1.5 million, and affiliates keep 80% to 90% of the extortion payments, according to the HHS alert. "BlackCat tooling is constantly changing as they cycle through testing/usage, updating their arsenal frequently," the alert says.

While details of the LVHN attack by BlackCat are just emerging, the incident underscores important considerations for other healthcare sector entities, says Frank Catucci, chief technology officer and head of research at security firm Invicti Security.

"Organizations need to be hyper aware of their legacy systems and focus on increasing their cyber resiliency," Catucci says. "As healthcare organizations continue to modernize legacy systems, including the shift from on-premise solutions to cloud-based solutions, they need to be prepared to monitor and manage their increasingly complex IT infrastructure. This entails developing an inventory of their rapidly changing environments and systems, as you can't protect what you don't know exists in the first place."


About the Author

Marianne Kolbasuk McGee


Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



