Clothes less photos of patients land on dark web after ransomware attack

A ransomware attack can inflict severe distress not only on the targeted business and its employees but also on individuals who are completely unrelated to the incident.

In early 2023, a Pennsylvania hospital fell victim to a ransomware attack perpetrated by the BlackCat group, which resulted in the theft of approximately 4.4 TB of data and the encryption of additional sensitive information.

Unfortunately, many victims were unaware that this breach would have profound consequences for their lives, particularly when intimate photos surfaced on the dark web.

Lehigh Valley Health Network, the affected healthcare provider, experienced a significant data leak that exposed sensitive patient information, including medical diagnoses, health insurance details, email addresses, Social Security numbers, banking information, and personal medical histories. Among those affected was Jane Doe, a 50-year-old patient whose nak#d images related to radiation treatment were compromised.

As a result of the breach, Lehigh Valley Hospital agreed to a $65 million settlement in a class action lawsuit, having failed to adequately protect patient information. Proposed settlements may provide impacted individuals with compensation ranging from $50 to $70,000, with the highest amounts going to those whose images were leaked.

For weeks, Ms. Doe has lived in fear, concerned that her personal information could lead to identity theft, fraud, or extortion. The risk of her private photos falling into the hands of malicious actors, who might attempt to extort her, weighs heavily on her mind.

Lehigh Valley Health Network, which operates over 13 hospitals and 28 healthcare centers, has stated that it is implementing measures to prevent future incidents. The organization is also prepared to offer additional support to affected individuals, including credit monitoring and surveillance of their information on the dark web.

The trend of ransomware attacks on healthcare providers has been alarming, with entities such as United Health’s Change Healthcare and Ascension also targeted in 2024. According to an FBI alert, ransomware attacks on the healthcare sector surged by 120 percent in 2023, affecting 258 organizations, up from 113 in 2022. This number could potentially quadruple in 2024, as 360 victims have already been reported this year.

It’s important to note that in such situations, hackers may directly contact individual victims, pressuring them to pay a ransom to prevent their sensitive images from being made public.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display