The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.
Capital Health is a primary healthcare service provider in New Jersey and parts of Pennsylvania, operating two major hospitals and several satellite and specialty clinics.
Last November, the organization experienced an IT systems outage following a cyberattack on its network, warning that the incident would impact its operations for at least a week.
A security incident notification on the Capital Health website informs that all systems have been restored and operations have returned to normal, while additional security measures have been implemented to prevent similar incidents from re-occurring.
Capital Health's latest updates indicate they are still investigating whether data was stolen in the cyberattack.
The LockBit ransomware gang has now claimed responsibility for the attack on Capital Health by listing the healthcare company on its data leak extortion portal yesterday.
The cybercriminals allege to have stolen seven terabytes of sensitive medical data they threaten to leak tomorrow if the organization fails to meet their ransom payment demands.
LockBit has an affiliate rule that states their affiliates will not encrypt files on hospital networks but allow them to steal data for extortion.
While this policy has been broken numerous times by the operation's affiliates, in the attack on Capital Health, the LockBit operation says they purposely avoided encrypting the organization's files and instead only stole data.
Most ransomware groups tend to have strict policies regarding healthcare service providers, advising their affiliates not to perform such assaults for ethical reasons and banning them if they deviate from that instruction.
The LockBit operation has repeatedly targeted healthcare networks, including the SickKids children's cancer hospital, the Katholische Hospitalvereinigung Ostwestfalen in Germany, and the Carthage Area Hospital and Claxton-Hepburn Medical Center in upstate New York.
Encryption-less ransomware attacks can still lead to system outages as part of the victim's response action, catastrophic data breaches for many people who received care in the targeted hospitals, and significant financial losses for already underfunded or economically stressed institutions.
Recent examples of high-impact ransomware attacks in the healthcare sector are abundant, including other victims, such as Ardent Health Services, Integris Health, ESO Solutions, and the Fred Hutchinson Cancer Center.
Lockbit ransomware disrupts emergency care at German hospitals.
Ransomware gang behind threats to Fred Hutch cancer patients.
Healthcare software provider data breach impacts 2.7 million.
Norton Healthcare discloses data breach after May ransomware attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 08 Jan 2024 16:00:14 +0000