Lehigh Valley Health Network Hit By BlackCat Ransomware Attack
BlackCat has been known to target healthcare organizations with highly sophisticated ransomware attacks.
Source: Getty Images
By Jill McKeon
- Lehigh Valley Health Network (LVHN) President and CEO Brian A. Nester, DO, MBA, announced that LVHN was the target of a BlackCat ransomware attack in early February. BlackCat is a sophisticated ransomware variant known to be leveraged against healthcare organizations.
“As of today, the attack has not disrupted LVHN’s operations,” the announcement stated.
“Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”
Specifically, the attack involved a computer system containing patient images for radiation oncology treatment and other sensitive information. The Pennsylvania-based health system said it refused to pay the ransom demanded by BlackCat and is still actively investigating the incident.
“Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” the notice concluded.
As previously reported, the HHS Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note about BlackCat in December and urged healthcare organizations to remain vigilant.
BlackCat, also known as ALPHV or Noberus, is a highly sophisticated ransomware variant that has been active since November 2021 and operates under a RaaS model.
“It is exceptionally capable and is believed to be operated by individuals with significant experience as cyber criminals, who have extensive relationships with other significant players throughout the cybercriminal ecosystem,” the analyst note stated.
“BlackCat is known to have targeted the healthcare and public health (HPH) sector and is expected to continue. The HPH should take this threat seriously and apply appropriate defensive and mitigative actions towards protecting their infrastructure from compromise.”
In January, BlackCat claimed that it attacked EHR vendor NextGen Healthcare. BlackCat posted an alleged sample of NextGen data on its leak site, but later removed the listing.
HC3 recommended that organizations safeguard against common BlackCat attack vectors and implement mitigations such as multifactor authentication and network segmentation. Organizations should also disable unused remote access, audit user accounts with administrative privileges, and review antivirus logs.
