Cyber Incident Victim: Lehigh Valley Health Network
Date:
Feb 2023
Location:
United States of America
Summary
Lehigh Valley Health Network experienced a cyberattack by the BlackCat ransomware group, which infiltrated its IT systems and accessed sensitive patient data including radiation oncology treatment images from a single physician practice. The organization detected unauthorized activity, initiated an investigation with cybersecurity experts, and notified law enforcement but refused to pay the demanded ransom. BlackCat, linked to Russia and known for targeting healthcare entities, leaked some patient information, though the attack did not disrupt hospital operations. LVHN committed to evaluating the compromised data and notifying affected individuals while condemning the attack as reprehensible.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 6, 2023, Lehigh Valley Health Network (LVHN) detected unauthorized activity on its IT systems, prompting an immediate investigation. The health network engaged external cybersecurity firms and experts to assess the breach and notified law enforcement agencies. LVHN President and CEO Brian A. Nester confirmed the incident involved the BlackCat ransomware group, which has been associated with Russia and is known for targeting healthcare and academic sectors. The attackers compromised patient images related to radiation oncology treatment and accessed sensitive information from a single physician practice in Lackawanna County. BlackCat demanded a ransom payment, which LVHN refused to pay. Despite the breach, the attack did not disrupt operations across LVHN’s 13 hospital campuses, 28 health centers, 20 ExpressCARE locations, or its ancillary services, including pharmacy and home health operations. The network emphasized its commitment to data security and privacy, dedicating resources to evaluate the scope of compromised information and prepare mandated notifications to affected individuals.
The incident exposed highly sensitive medical data, including cancer treatment imagery, heightening concerns about patient privacy. BlackCat had previously claimed responsibility for a January 2023 attack on NextGen Healthcare, an electronic health records provider, and the U.S. Department of Health and Human Services had warned that the group demanded ransoms up to $1.5 million. LVHN’s refusal to pay aligned with law enforcement recommendations against funding criminal enterprises. The health network continued collaborating with cybersecurity specialists to mitigate risks and refine its response protocols. No operational interruptions were reported, allowing LVHN to maintain clinical services uninterrupted during and after the breach. The organization reiterated its condemnation of the attack as reprehensible and focused on safeguarding future data integrity while adhering to regulatory disclosure requirements.