A Russian-speaking ransomware group called BlackCat has leaked sensitive data, including photos of breast cancer patients, stolen from a Pennsylvania-based healthcare group, Lehigh Valley Health Network.
The gang taunted the healthcare network on its dark web leak site, claiming to have been in the network for a long time, to have studied its business and stolen confidential information, and to be ready to publish it.
The incident involved a computer system “used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” BlackCat demanded a ransom payment, but the healthcare network refused to pay.
Security researchers have concluded that fewer victims are willing to pay extortion demands, although the rate of ransomware attacks appears to have remained constant over the past three years.
Brett Callow, a threat analyst at security firm Emsisoft, says that as the criminals find it harder and harder to monetize attacks, their tactics will inevitably become more extreme. This was demonstrated in the BlackCat incident, where the escalation may be due to the fact that fewer victims are now paying.
The latest BlackCat incidents come on the heels of a January alert by the US Department of Health and Human Services warning the healthcare sector of growing threats involving BlackCat.
The BlackCat ransomware-as-a-service group has demanded ransom payments as high as $1.5 million, and affiliates keep 80% to 90% of the extortion payments. As ransomware and other cybercriminal groups continue to target healthcare sector entities, it is critical for organizations to heighten their defenses.
Frank Catucci, chief technology officer and head of research at security firm Invicti Security, suggests keeping systems scanned, patched and updated as much as possible, segregating any systems or networks with potentially sensitive data, and enabling multifactor authentication whenever possible.
As the Lehigh Valley Health Network incident demonstrates, ransomware attacks are becoming increasingly targeted and sophisticated, and their impact can be devastating.
Companies, governments, and other organizations must take proactive steps to protect their data and systems from such attacks. These steps include conducting regular risk assessments, implementing robust security controls, providing employee training, and developing an incident response plan.
By taking these steps, organizations can reduce their risk of falling victim to ransomware attacks and minimize the impact of any successful attack.