Pennsylvania Health System CEO Confirms BlackCat Attack
Physician Practices Network Hit by Russian-Backed Group on Heels of National Alert
Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, says it has been hit with an attack by Russian-based ransomware-as-a-service group BlackCat.
Brian Nester, president and CEO of the network, in a statement provided to Information Security Media Group on Tuesday, says that the attack so far has not disrupted the health network's operations.
"Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical."
The group's IT team on Feb. 6 detected unauthorized activity within its IT system, Nester says. The organization immediately launched an investigation, engaged leading cybersecurity firms and notified law enforcement, he says. "We are continuing to work with our experts to investigate the scope of the incident, and as of today, we continue to operate normally."
LVHN's investigation is ongoing, but its initial analysis shows that the incident involved a computer system used for "clinically appropriate patient images for radiation oncology treatment and other sensitive information," he says.
"BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and healthcare sectors," Nester says.
"We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible," he adds. "Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident."
An LVHN spokesman declined ISMG's request for additional details about the BlackCat incident, including the amount of the ransom demanded.
Other Attacks
LVHN is among the latest alleged healthcare sector victims of BlackCat, which is also known as Alphv.
Last month, electronic health records vendor NextGen Health and pharmacy management services firm PharmaCare Services were purportedly among healthcare sector victims listed on BlackCat's leak data site (see: 2 Vendors Among BlackCat's Alleged Recent Ransomware Victims).
These latest BlackCat incidents come on the heels of a recent U.S. Department of Health and Human Services warning to the healthcare sector about threats involving the cybercrime group (see: BlackCat, Royal Among Most Worrisome Threats to Healthcare).
The BlackCat ransomware-as-a-service group has demanded ransom payments as high as $1.5 million, and affiliates keep 80% to 90% of the extortion payments, according to the HHS alert. "BlackCat tooling is constantly changing as they cycle through testing/usage, updating their arsenal frequently," the alert says.
While details of the LVHN attack by BlackCat are just emerging, the incident underscores important considerations for other healthcare sector entities, says Frank Catucci, chief technology officer and head of research at security firm Invicti Security.
"Organizations need to be hyper aware of their legacy systems and focus on increasing their cyber resiliency," Catucci says. "As healthcare organizations continue to modernize legacy systems, including the shift from on-premise solutions to cloud-based solutions, they need to be prepared to monitor and manage their increasingly complex IT infrastructure. This entails developing an inventory of their rapidly changing environments and systems, as you can't protect what you don't know exists in the first place."