Lehigh Valley Health Network (LVHN) has confirmed that Russian ransomware gang BlackCat has released patient photographs and information on the dark web. The stolen data includes photographs of cancer patients receiving radiation oncology treatments at Lehigh Valley Physician Group's Delta Medix practice in Scranton, along with seven documents containing patient information.
LVHN detected unauthorized activity within their IT system in early February, leading to an investigation with cybersecurity firms and experts as well as law enforcement. The health network noted that the security breach did not interrupt any operations.
The Office of Information Security has warned that the healthcare and public health sector will continue to be targeted by BlackCat. It is advising the industry to take this threat seriously and apply appropriate defensive and mitigative actions to protect their infrastructure from compromise.
How to Prevent Data Breaches in the Healthcare Industry
"Data breaches in the healthcare industry can have devastating consequences," said Chris Close, a cyber security expert with Cyber Sleuth Security’s Trenton office. "It's essential that healthcare organizations take the necessary steps to protect their data from malicious actors."
When asked about how healthcare organizations can prevent data breaches, Close said, "The first step is to make sure the organization has the right policies and procedures in place. This includes having a comprehensive security program that includes user education, regular security assessments, and incident response plans."
He continued, "It's also important to ensure that all systems and networks are up-to-date with the latest security patches and updates. By doing so, organizations can reduce the risk of data breaches caused by known vulnerabilities."
Close also emphasized the importance of monitoring the organization's networks and systems. "Organizations need to have a comprehensive monitoring system in place. This includes monitoring user activity, network traffic, and device configurations. By detecting any suspicious activity, organizations can quickly respond to any potential threats and minimize the risk of a data breach."
Finally, Close said that healthcare organizations should also consider using encryption technology to protect sensitive information. "Encryption can help protect data from unauthorized access, even if it falls into the wrong hands. It's an important layer of defense that should not be overlooked."
Source
Lehigh Valley Health Network: Patient photos, info from ransomware attack released online