Louisiana Hospital: Ransomware Attack on 270,000 Patients

Lake Charles Memorial Health System is sending notices about a data breach that could affect thousands of patients who received treatment at its centers.

LCMHS, the largest hospital complex in Lake Charles Louisiana, includes a 314-bed medical center, a 54 bed women’s hospital and a 42-bed behavioral hospital. It also has a primary clinic for those who are uninsured.

The LCMHS website announced that the cyber-attack occurred October 21st, 2022 when LCMHS’s security team discovered unusual activity in the network.

A thorough internal investigation revealed on October 25th, 2022 that hackers gained unauthorised access to LCMHS network and stole sensitive files.

The files included patient information like:

  • Names in full
  • Addresses in person
  • Birth dates
  • Documents for medical purposes
  • Patient identification numbers
  • Information about health insurance
  • Information about payments
  • There is limited clinical data regarding care received.
  • In some instances, social security numbers

LCMHS announced that the electronic medical records of its patients were not accessible to network hackers.

The notification states that “We are sending letters to patients starting December 23rd 2022, whose information might have been in this incident,”

We offer individuals who may have had their Social Security numbers included free credit monitoring or identity theft protection services. It is recommended that patients review the statements of their healthcare provider and health insurance to identify any missing services and contact them immediately.

LCMHS reported this incident to U.S. Department of Health and Human Services. The incident was reported by the portal for healthcare-related breaches.

Ransomware from Hive claims that the attackers are behind the ransomware

LCMHS was listed by the Hive ransomware organization on November 15, 2022. This is usually done after unsuccessful negotiations to pay a ransom.

The hackers claimed that encryption occurred on October 25, 2022. This is four days after LCMHS first reported detections of network intrusions.

LCMHS breach published on Hive ransomware data leak site

source: BleepingComputer

Hive also released the files that were allegedly taken after breaches to LCMHS systems.

These files can include documents, bills, cards, contracts and medical info. BleepingComputer couldn’t confirm whether these files were authentic.

It is a good idea to be alert for any communications that ask you to provide personal data or payment information if you’ve received LCMHS care in the past.

You should also monitor your bank statements, and immediately report suspicious transactions to your bank.