A Russian hacker network, known as ALPHV, nicknamed BlackCat, leaked naked photos of cancer patients online which they stole from Lehigh Valley Health Network after they refused to pay the ransom.
The Pennsylvania-based consortium said the hackers’ actions were an ‘unconscionable criminal act’.
On February 6, the healthcare consortium said they found unauthorized activity on their computer networks. A month later, the hackers issued a statement stating that they had ‘been in your network for a long time’, and had accessed patient passports, questionnaires, personal data, and ‘nude photos’.
Along with the images, “seven documents containing patient information” were posted, LVHN said.
In response, the health group “immediately launched an investigation, engaged leading cybersecurity firms and experts, and notified law enforcement.”
Lehigh Valley Live reported that the stolen information includes three screenshots, described as ‘clinically appropriate’ photographs of cancer patients receiving radiation oncology treatment. There were also seven documents containing patient information.
Unfortunately, the data was published online on the dark web after the hospital refused to pay the hackers.
‘Our blog is followed by a lot of world media, the case will be widely publicized, and will cause significant damage to your business,’ the hackers said.
‘Your time is running out. We are ready to unleash our full power on you.’
The US Department of Health and Human Services said that the hackers demanded $1.5 million or more in ransom.
‘This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior. We will provide notices as required to those whose information was involved,’ the company said.
Brian Nester, the CEO of the healthcare company, said they were “still identifying information involved in the incident.”
BlackCat, also known as ALPHV and Carbon Spider, is related to the Russian cyber gang REvil, blamed for a global ransomware attack.