Cyber Incident Victim: Lake Charles Memorial Health System
Date: Nov 2022
Location: United States of America
Summary
Lake Charles Memorial Health System suffered a cyberattack claimed by the Hive ransomware group, which asserted it had remained in the organization's network undetected for an extended period and exfiltrated 270 GB of data. While the healthcare provider stated its cybersecurity team promptly identified and blocked unauthorized activity, Hive disputed this timeline, alleging it had already completed data theft before detection and chose not to encrypt systems to avoid patient harm. The group further accused the organization of delaying public disclosure until threatened with regulatory notifications, resulting in a three-week gap between initial contact and public acknowledgment. The two parties' claims conflict on both how long the attackers had network access and how effective the response was.
Description
On or around November 4, 2022, the Hive ransomware group infiltrated the network of Lake Charles Memorial Health System (LCMH), later claiming to have remained undetected for approximately 12 days. During this period, Hive asserted it exfiltrated 270 GB of data before initiating contact with LCMH. The group stated it deliberately chose not to encrypt LCMH’s systems to avoid disrupting critical patient care operations, and that it retained the capability to re-enter the network undetected. LCMH’s cybersecurity team eventually identified the intrusion, blocking further unauthorized activity according to their public statement. This claim of rapid detection and containment directly conflicted with Hive’s timeline, which indicated LCMH only became aware of the breach after the data theft was complete. Hive alleged LCMH management delayed public disclosure for nearly three weeks following initial contact, despite repeated communications from the threat actors.

LCMH issued its first public acknowledgment of the incident after Hive began leaking stolen data and threatened to notify government regulators, approximately two weeks after the attackers’ initial outreach. The health system’s statement did not address the scope of compromised data, operational impacts, or specific mitigation measures beyond asserting the attack was “blocked.” Hive disputed LCMH’s characterization of events, emphasizing the prolonged delay in public notification and accusing LCMH of failing to protect patient and employee data. The threat actor provided no verifiable evidence to support its claims regarding the exfiltrated data volume or the content of private negotiations. No forensic reports or third-party analyses corroborating either party’s assertions were publicly released. The incident exposed potential risks to patient data confidentiality but yielded no confirmed details regarding data misuse, financial losses, or care interruptions.
