Hackers stole and leaked personal data for nearly 270,000 patients and employees in a ransomware attack in October against a healthcare organization located in southwest Louisiana. The Hive ransomware group has taken credit for the attack.
Lake Charles Memorial Health System says in a newly released breach report that hackers accessed hospital systems from Oct. 20 to Oct. 21 and stole files containing details such as patients’ names, addresses, birthdates, medical records or patient identification numbers, health insurance information, payment information and clinical information, including care received. For some breach victims, Social Security numbers were also exposed.
The Lake Charles Memorial Health System consists of Lake Charles Memorial Hospital, Lake Charles Memorial Hospital for Women, Moss Memorial Health Clinic, Archer Institute and the Memorial Medical Group.
The health system says it confirmed the attack on Oct. 25 and brought in cybersecurity experts to investigate. It also notified law enforcement that it had suffered a hack attack.
Despite confirming the breach two months ago, LCMHS notified the U.S. Department of Health and Human Services’ Office for Civil Rights about the incident on Dec. 22. Such notifications are required under the HITECH Act for any breaches of unsecured protected health information affecting 500 or more individuals. The law requires such reporting to be done “without unreasonable delay and in no case later than 60 days following a breach.”