LockBit claims November attack on New Jersey hospital that disrupted patient care

Jason Macuray
The LockBit ransomware gang took credit for a November attack on a hospital system that forced multiple facilities in New Jersey and Pennsylvania to cancel appointments and operate without patient files.

This weekend, LockBit posted Capital Health to its extortion website, threatening to leak seven terabytes of stolen data from the company.

The gang claimed it only stole data from one hospital controlled by Capital Health — Regional Medical Center in Trenton — and did not encrypt the hospital systems “so as not to interfere with patient care.”

But in November, the hospital said it experienced network outages because of the attack and was forced to enact emergency protocols to continue helping patients. Its emergency rooms were able to stay open but several elective surgeries were moved to later dates and outpatient radiology appointments were canceled.

Neurophysiology and non-invasive cardiology testing were also rescheduled while the hospital spent more than a week operating with “system limitations.”

Capital Health provided a brief update in December that all systems were restored and that they are in the process of assessing “the risk to patient and employee data.”

The organization did not respond to requests for comment about the data being sold by LockBit. The ransomware gang put a deadline of January 9 for the ransom to be paid.

Despite internal gang rules prohibiting attacks on hospitals, LockBit members continued their streak of targeting healthcare facilities. The gang caused outrage after launching an attack against Toronto’s Hospital for Sick Children, Canada’s largest pediatric health center, during the Christmas season in 2022.

Ransomware attacks on hospitals continue to cause widespread problems for the healthcare industry, forcing multiple facilities to divert ambulances, cancel appointments and more.

But one of the biggest issues is the data stolen from healthcare facilities, which often include sensitive information like Social Security numbers and clinical photos.

In an incident two weeks ago, a ransomware gang used data stolen from a prominent cancer center based in Seattle to extort patients individually.

Several data theft incidents have been reported by healthcare companies over the last two weeks. North Kansas City Hospital warned last week that hackers had breached the systems of an outside vendor and stolen information on health insurance, demographics and clinical operations during a month-long security incident.

Right before Christmas, Oklahoma’s Integris Health warned customers that hackers were contacting patients after breaching company systems on November 28. Several customers said they had received emails from hackers attempting to extort them using data stolen from the non-profit hospital system.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
