The Lake Charles Memorial Health System (LCMHS) announced that a data breach incident affected about 270,000 individuals receiving healthcare at one of its medical centres.
LCMHS is one of the biggest medical firms in Louisiana. The healthcare organisation has a 314-bed hospital, a 42-bed behavioural health hospital, a 54-bed women’s hospital, and a primary care clinic for uninsured residents.
According to the notification on the firm’s website, the cyberattack happened last October, when the org’s security team spotted an unusual activity on one of their computer networks. An investigation revealed that the hackers illegally accessed its network and stole critical files.
Based on reports, the stolen files contained critical information such as names, physical addresses, dates of birth, medical records, patient identification numbers, health insurance details, payment data, limited clinical information regarding the received care, and Social Security numbers.
LCMHS assured everyone that the hackers stole no other data during the attack.
An LCMHS representative explained that the attackers had not breached their electronic medical records.
The notification also said that the company would commence mailing letters to patients whose information may have been impacted by the incident. The portal for healthcare-related breaches reports that more than 260,000 individuals have been affected by the attack.
Experts claimed the Hive ransomware group listed LCMHS on its data leak website last month. The researchers said that threat groups only list their target to its data leak site if they have failed to negotiate.
The group further claimed that the encryption process of the attack happened four days after the healthcare organisation reported their first detection of unauthorised access. In addition, the Hive ransomware group published the stolen files after infiltrating the affected systems.
Cybersecurity experts suggest that anyone who receives a notification from the LCMHS should remain wary of unwanted incoming communications. The attacks have leaked information and contact numbers which other groups could use for a phishing campaign.
Lastly, affected individuals should keep tabs on their banking statements and report any unwanted transactions to their respective banks.