A ransomware gang with Russian ties is accused of posting nude photos of cancer patients online after a Pennsylvania health care group declined to meet its demands.
Lehigh Valley Health Network called the cyberattack an “unconscionable criminal act” that exploits patients undergoing treatment for cancer, according to Lehigh Valley Live.
On Sunday, a Twitter feed that tracks malware said the hacker group ALPHV, also known as BlackCat, was “exploiting and sexualizing breast cancer.”
The tweet included a note, seemingly from ALPHV, telling the health care provider that its patients’ “passports, personal data, questionnaires, nude photos and the like” had been stolen. The hacker group said it was prepared to publish these materials online, and warned such a disclosure would “cause significant damage to [the provider’s] business.”
In a statement, Lehigh Valley Health Network said the information hacked from its systems included a trio of screenshots containing clinically appropriate images of patients undergoing radiation oncology treatment at a facility in Scranton, Pa. The breach also reportedly included seven documents with personal information about patients.
It’s unclear how much money ALPHV was demanding. The organization is reportedly known to have asked for payments of up to $1.5 million.
Lehigh Valley Health Network said last month it experienced a cyberattack that did not interrupt operations, but warned the incursion targeted images like the ones published over the weekend. Law enforcement was made aware of the situation.
ALPHV is said to target health care and academic institutions.
Georgia station WMAZ reported Monday that a Houston County-based health care group that treats 300,000 patients a year was targeted by a ransomware attack last week, causing the health care workers to implement “back up processes.”
Further details of that attack have not been made public.