Cyber Incident Victim: Arizona Liver Health
Date: Dec 2022
Location: United States of America
Summary
Arizona Liver Health was listed on the LockBit ransomware group's dark web leak site as a victim of an alleged cyberattack, though the organization has not confirmed the incident. LockBit, known for targeting healthcare providers despite claims to avoid the sector, previously attacked other medical facilities and recently shifted to triple extortion tactics. The group's attacks typically involve data theft, encryption of systems, and threats to release stolen information unless ransom demands are met. While specific operational impacts on Arizona Liver Health remain unverified, such attacks commonly disrupt services and expose sensitive patient data, including personal and medical information.
Description
The Arizona Liver Health incident emerged in late 2022 when the LockBit ransomware group listed the organization on its dark web leak site, indicating a potential breach. LockBit, known for targeting healthcare despite previous claims of avoiding the sector, publicly identified Arizona Liver Health as a victim alongside Juva Skin & Laser Center. Neither entity confirmed the alleged attacks at the time of reporting. This incident followed LockBit’s December 2022 attack on Toronto’s Hospital for Sick Children (SickKids), which the group later attributed to an unauthorized “partner” actor, issuing an apology and a free decryptor. The U.S. Department of Health and Human Services had previously warned about LockBit’s adoption of triple extortion tactics, combining data encryption, theft, and harassment campaigns to pressure victims. Arizona Liver Health’s public response and details of the operational impact remained undisclosed in available reports, leaving the attack’s scope, data compromise, and remediation efforts unverified by the organization itself.

The broader healthcare sector faced parallel challenges during this period, as evidenced by other incidents in the same timeframe. Atlantic General Hospital experienced network outages from a late January 2023 ransomware attack, disrupting pharmacy and outpatient services while forcing reliance on downtime procedures. Lutheran Social Services of Illinois disclosed a December 2021 breach affecting 184,000 individuals after a year-long forensic review revealed month-long attacker access to sensitive data including Social Security numbers and medical histories. Third-party risks compounded sector vulnerabilities, exemplified by UCHealth’s data exposure through vendor Diligent’s compromised systems and UCLA Health’s inadvertent patient data sharing via analytics tools on appointment forms. These incidents collectively underscored persistent ransomware threats, forensic investigation delays complicating breach notifications, and operational dependencies creating attack surfaces across healthcare ecosystems.
