A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak.
The proposed class-action lawsuit stems from a February intrusion in which ransomware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician networks, stole images of patients undergoing radiation oncology treatment as well as other sensitive health records belonging to over 75,000 people, and then demanded a ransom payment to decrypt the files and prevent the data from being posted online.
The Pennsylvania healthcare system, one of the largest in the country, oversees 13 hospitals, 28 health centers, and dozens of other physician clinics, pharmacies, rehab centers, imaging, and lab services. LVHN refused to pay the ransom, and BlackCat began leaking patient information earlier this month, including images of at least two breast cancer patients naked from the waist up.
This unconscionable criminal act exploits cancer patients, and LVHN condemns this despicable behavior.
In the official lawsuit PDF files, you can read more about how one of the patients, identified as “Jane Doe,” found out about the data breach.
On March 6, LVHN VP of Compliance Mary Ann LaRock called the patient and informed her that hackers had leaked her naked photos. “With a chuckle, Ms. LaRock offered the plaintiff an apology and two years of credit monitoring,” according to court documents.
In addition to stealing sensitive photos, the thieves also stole everything required for identity fraud.
According to the lawsuit, LaRock also told the patient that her email address, date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach.
Given that LVHN is and was storing plaintiff and the class’s sensitive information, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach.
It has been determined that LVHN was negligent in protecting patients’ sensitive information. As a result, the patients request class-action status for everyone whose data was compromised, with monetary damages.
For years, ransomware groups have targeted hospitals and other medical facilities, knowing that the nature of the sensitive data and the need for the facilities to restore systems quickly could result in higher payments and shorter negotiation times.
According to cybersecurity researchers, there were at least 25 ransomware incidents involving the healthcare industry last year, potentially affecting patient care in 290 hospitals.
According to data from the agency’s breach portal, the Department of Health and Human Services Office for Civil Rights is investigating 869 health information-related data breaches affecting 500 or more people reported within the last two years. The cases collectively involve a potential 78 million people, with breach causes including hacking/IT incidents and unauthorized access/disclosure.
How Can Heimdal® Protect You Against Ransomware Attacks?
Companies and organizations, regardless of industry, seeking to protect themselves from ransomware and other cyberattacks can significantly benefit from Heimdal’s Ransomware Encryption Protection Module, which is part of an integrated cybersecurity suite and is universally compatible with any antivirus solution and 100% signature-free, ensuring superior detection and remediation of all types of ransomware.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;