The threat actors behind this attack appear to have been part of the Hive ransomware gang, which was recently the subject of a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). According to this advisory, the Hive ransomware gang has collected a total of $100 million in ransom fees from over 1,300 organizations. The advisory also notes that the gang maintains a dedicated leak site (DLS) where it publicizes its ransomware attacks and threatens to publish stolen files if victims don’t pay ransom fees.

The 269,752 affected individuals are a mix of LCMHS patients, business partners, and employees, including interns and residents. A review of the now publicly available documents reveals that they contain the following information and more:
- Patient IDs
- Social Security numbers
- Home addresses
- Phone numbers
- Email addresses
- Credit card credentials and payments
- Bank statements
- Insurance policy information
- Detailed medical records

Perhaps the only silver lining here is that the stolen patient records don’t appear to stretch any farther back than 2018, though the same can’t be said for the hospital’s operational documentation. LCMHS states that it has begun mailing letters to patients who may have been affected by the data breach. The healthcare system is also offering credit monitoring and identity theft protection services to those whose Social Security numbers may have been exposed. Anyone who may have been affected by this breach, whether or not they receive this offer, should be extra wary of phishing attempts and consider implementing free identity-theft protection measures such as credit freezes.