Louisiana hospital struck by a ransomware attack

Nearly 270,000 patients of the Lake Charles Memorial Health System were affected by the attack

Louisiana hospital struck by a ransomware attackSensitive patient files supposedly leaked on a cybercriminal site

The Lake Charles Memorial Health System is a healthcare organization located in Lake Charles, Louisiana. It is comprised of two hospitals, the Lake Charles Memorial Hospital and the Lake Charles Memorial Hospital for Women, as well as a range of outpatient services and clinics. The health system is known for its comprehensive range of medical services, including cancer care, cardiovascular care, and orthopedics, among others.

It is also home to the Memorial Medical Group, a network of primary care and specialty physicians. In addition to providing high-quality medical care to the community, the Lake Charles Memorial Health System is also actively involved in various charitable and outreach efforts to support the health and well-being of the people in the region.

The Lake Charles Memorial Health System (LCMHS) has announced a data breach that has affected nearly 270,000 individuals who have received care at one of its medical centers. LCMHS is in the process of sending out notices to those affected by the breach.

Sensitive patient data was supposedly stolen by cybercriminals

The Lake Charles Memorial Health System (LCMHS) has reported that a cybersecurity incident occurred on October 21, 2022, when its security team detected unusual activity on the organization's computer network. Upon further investigation, it was discovered that hackers had gained unauthorized access to LCMHS' network and stolen sensitive files. The internal investigation into the incident was concluded on October 25, 2022.

The files that were stolen during the cybersecurity incident at the Lake Charles Memorial Health System (LCMHS) contained a wide range of sensitive patient information, including full names, physical addresses, dates of birth, medical records, patient identification numbers, health insurance information, payment information, limited clinical information related to the care received, and in some cases, even Social Security numbers.

It is a serious breach that has caused concern for those affected. LCMHS has stated in its announcement that the electronic medical records were not accessed by network intruders during the data breach. LCMHS also said:[1]

We are offering individuals whose Social Security number may have been included with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.

According to the portal[2] for healthcare-related breaches, the data breach has affected 269,752 individuals.

Stolen information allegedly posted on Hive ransomware data leak site

On November 15, 2022, the Hive ransomware group listed the Lake Charles Memorial Health System (LCMHS) on its data leak site,[3] which is typically a step taken after failed ransom negotiations. The hackers claim that the encryption occurred on October 25, 2022, four days after LCMHS reported the initial detection of the network intrusion.

The Hive ransomware group has reportedly published the files that were allegedly stolen during the breach of the Lake Charles Memorial Health System (LCMHS). These files include bills of materials, cards, contracts, medical information, papers, medical records, scans, residents, and more.

It has not been confirmed if these files are authentic. However, if you have received care at LCMHS in the past, it is recommended to be cautious of any incoming communications asking for personal information or payment data, and to closely monitor your bank statements for any suspicious transactions, reporting any issues to your bank immediately.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions