© 2024 LEHIGHVALLEYNEWS.COM
Your Local News | Allentown, Bethlehem & Easton
  • Sign In
    • DONATE
    Play Live Radio
    Next Up:
    0:00
    0:00
    Available On Air Stations
    Health & Wellness News

    Ransomware attacks on hospitals highlight need for vigilant cybersecurity

    LehighValleyNews.com | By Makenzie Christman
    Published March 24, 2024 at 8:00 AM EDT
    LVHNbuildingfront.JPG
    Courtesy
    /
    Lehigh Valley Health Network
    Lehigh Valley Health Network said Feb. 22, 2023, it was the target of a cybersecurity attack by a ransomware gang known as BlackCat, which has been associated with Russia. "Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County," LVHN said.

    BETHLEHEM, Pa. — Recent ransomware attacks on health care providers have put a spotlight on their need for diligent security measures.

    Just last month, the BlackCat hacker group orchestrated a cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group.

    The BlackCat group — also known as ALPHV or Noberus, according to the U.S. Justice Department — demanded $22 million from the health care giant after attacks made payments and prescription services largely unavailable.

    A UnitedHealth Group webpagededicated to its “cyber response” shows half of restoration efforts are complete, with two more in progress as of March 15 and the week of March 18.

    Those in progress include restoring provider electronic payments and reconnection/testing of its claims system.

    In a December 2023 release about a ransomware disruption campaign, the DOJ called the BlackCat group the “second-most prolific ransomware-as-a-service variant in the world,” noting its targets of computer networks of more than 1,000 victims.

    The Feb. 21 attack prompted the FBI and HSS to send an advisory days later, urging security specialists to “protect and detect against malicious activity” after noticing BlackCat affiliates “primarily targeting the health care sector.”

    "Most places wouldn't be life and death, but in hospitals it is there. So the need to protect people in a hospital environment is there."
    Kermit Burley, Information Technology program coordinator at Penn State Lehigh Valley

    Last year, the same group — which reportedly has ties to Russia — attacked Lehigh Valley Physician Group.

    BlackCat hackers then posted patient information and nude photos of cancer patients receiving radiation oncology treatment at LVPG Delta Medix in Lackawanna County to the dark web.

    Federal agencies like the Cybersecurity and Infrastructure Security Agency advise against paying ransom for cyberattacks. But for health care providers, that isn't always an option, said Kermit Burley, Penn State Lehigh Valley lecturer.

    “Most places wouldn't be life and death, but in hospitals it is there,” Burley said. “So the need to protect people in a hospital environment is there.”

    That life and death matter is likely a vulnerability hackers seek in choosing targets, he said.

    Burley, an information technology program coordinator, said ransomware attacks can happen to anyone, so he thinks everyone should remain vigilant.

    “Any time that you think you're impenetrable, that's a vulnerability,” Burley said. "Complacency would be the enemy — not just for a hospital, but for anybody.”

    Tags

    Health & Wellness NewsTop StoriesLatest StoriesHealth & WellnessCriminal JusticeLocal News
    Makenzie Christman
    I'm a Lehigh Valley native whose passion for journalism traces back to my high school newspaper. I previously reported for The Republican Herald in Pottsville and freelanced for SpotlightPA and WPSU through Penn State University's startup, The News Lab. Outside of the office, I'm usually doting on my dog or tasting what the Valley's food landscape has to offer. Contact me at makenziec@lehighvalleynews.com or 610-984-8138.
    See stories by Makenzie Christman