A ransomware gang with Russian ties is accused of posting nude photos of cancer patients online after a Pennsylvania healthcare group refused to comply with their demands.
Lehigh Valley Health Network called the cyberattack an “unconscionable criminal act” that exploits patients receiving cancer treatment, according to Lehigh Valley Live.
On Sunday, a Twitter feed tracking malware said hacker group ALPHV, also known as BlackCat, was “exploiting and sexualizing breast cancer”.
The tweet included a note, apparently from ALPHV, telling the healthcare provider that his patients’ “passports, personal details, questionnaires, nude photos and the like” had been stolen. The hacking group said it was prepared to post these materials online, warning that such disclosure would “cause significant damage to (the provider’s) business.”
In a statement, Lehigh Valley Health Network said the information hacked from its systems included a trio of screenshots containing clinically appropriate images of patients undergoing radiation oncology treatment at a facility in Scranton, Pennsylvania. The breach reportedly also included seven documents containing personal information about the patients. .
It is unclear how much money ALPHV demanded. The organization has reportedly been known to ask for payments of up to $1.5 million.
( The industries most affected by ransomware )
Lehigh Valley Health Network said last month that it experienced a cyberattack that did not disrupt operations, but warned that the incursion was targeting images like those released over the weekend. The police were informed of the situation.
ALPHV is said to target academic and healthcare institutions.
Georgia station WMAZ reported Monday that a Houston County-based health care group that treats 300,000 patients a year was attacked by a ransomware attack last week, prompting health workers to put “backup processes” in place.
No further details of that attack have been made public.
