Lehigh Valley Health Network discloses ransomware attack, refuses to pay

The Lehigh Valley Health Network says the system has experienced a ransomware attack launched by a gang with ties to Russia.

Lehigh Valley, based in northeastern Pennsylvania, says the attack has not disrupted services. And the system says it won’t pay the ransom demand.

The health system disclosed the attack Monday, Feb. 20. Lehigh Valley said a gang known as BlackCat, which has ties to Russia, launched the attack, according to WPVI-TV in Philadelphia and other media reports.

Brian Nester, president and CEO of Lehigh Valley Health Network, said in a statement that “the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”

• Read more: Cybersecurity in healthcare: Even with progress, many vulnerabilities remain

Nester said Monday that the system continues to operate normally.

Lehigh Valley first discovered unauthorized activity within the system on Feb. 6, Nester said. The network immediately notified law enforcement agencies and began working with cybersecurity experts, Nester said.

“Although our investigation is ongoing, as of today, our initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information,” Nester said in the statement, which was provided to several news outlets.

“BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and healthcare sectors.”

BlackCat ransomware was first identified in November 2021 and has compromised at least 60 victims, according to a Jan. 13 report from the U.S. Department of Health & Human Services. The group has said it does not attack hospitals, but that rule doesn’t apply to private clinics, according to the HHS advisory.

BlackCat has targeted the public health sector, according to a December 2022 analyst note from the Health Sector Cybersecurity Coordinating Center. Federal officials say BlackCat runs “one of the most sophisticated” ransomware operations, which is more technically complex than other gangs.

Lehigh Valley operates 13 hospital campuses, along with other health centers and physician practices across eastern Pennsylvania.

More hospitals and health systems say they have suffered ransomware attacks in the past few years.

In a recent survey of healthcare IT professionals by the Ponemon Institute, nearly half (47%) said their organizations experienced a ransomware attack in the past two years. In addition, 45% of health IT pros reported complications from medical procedures due to ransomware attacks, up from 36% in 2021.

Regal Medical Group, based in California, said last week that a ransomware cyberattack exposed patient information. More than 3 million people could have been affected, according to a database of breaches kept by the U.S. Department of Health & Human Services.

Nearly 50 million Americans were affected by health data breaches in 2022, according to a report by Critical Insight, a cybersecurity firm.

Federal authorities said in January that the FBI succeeded in disrupting the Hive ransomware gang, which has targeted hospitals and health systems. The Justice Department said that the FBI managed to penetrate Hive’s systems and thwart up to $130 million in ransom demands.