Threat Watch

Ransomware attack at Louisiana hospital impacts 270,000 patients

The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers. LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women’s hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens. According to the announcement posted on the LCMHS site, the cybersecurity incident occurred on October 21, 2022, when the organization’s security team detected unusual activity on the computer network. An internal investigation concluded on October 25, 2022, which revealed that hackers had gained unauthorized access to LCMHS’ network and then stole sensitive files.

These files contained patient information such as:

· Full names

· Physical addresses

· Dates of birth

· Medical records

· Patient identification numbers

· Health insurance information

· Payment information

· Limited clinical information regarding the received care

· Social Security numbers (in some cases)

LCMHS’ announcement clarifies that its electronic medical records were out of reach for the network intruders. “Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident,” reads the notification. LCMHS reported the incident to the secretary of the U.S. Department of Health and Human Services (HHS). The portal for healthcare-related breaches now reports that 269,752 individuals have been impacted by the incident.

ANALYST NOTES

Data breaches involving healthcare or insurance information could result in insurance fraud. In addition to the normal precautions such as placing a freeze request with the major credit bureaus and monitoring financial accounts for unusual transactions, victims of medical data breaches should also be aware that identity thieves might attempt to get expensive medical procedures using their stolen insurance information. Carefully check “Explanation of Benefits” (EOB) forms or online claims notifications and promptly inform health insurance providers if a claim appears to be fraudulent.

Another statement from LCMHS reads “We are offering individuals whose Social Security number may have been included complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.” Anyone who has received care on LCMHS in the past is advised to stay vigilant for incoming communications asking for personal information and payment data, which may be fraudulent.

Source: https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/