The Lake Charles Memorial Health System (LCMHS) is notifying thousands of patients who have gotten care at one of its medical facilities of a data breach. With a 314-bed hospital, a 54-bed women’s hospital, a 42-bed mental health hospital, and a primary care clinic for uninsured patients, LCMHS is the largest medical complex in Lake Charles, Louisiana.
According to the notification published on the LCMHS website, the cybersecurity issue happened on October 21, 2022, when the organization’s security staff discovered strange behavior on the computer network. An internal investigation completed on October 25, 2022, found that hackers had accessed the LCMHS network without authorization and had taken essential data.
The stolen patient data includes:
- Full names
- Dates of birth
- Physical addresses
- Patient identification numbers
- Medical records
- Payment information
- Health insurance information
- Social Security numbers (in some cases)
- Limited clinical information regarding the received care
The LCMHS announcement makes it clear that the network invaders couldn’t access the organization’s computerized medical records.
“Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident,” per the notification. “We are offering individuals whose Social Security number may have been included with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.” – LCMHS
LCMHS informed the U.S. Department of Health and Human Services secretary about the event. According to the site for healthcare-related breaches, the problem has already affected 269,752 people. On November 15, 2022, the Hive ransomware organization added LCMHS to its list of data leaks, which usually happens after unsuccessful attempts to negotiate a ransom payment.
It’s interesting to note that the hackers assert that the encryption happened on October 25, 2022, four days after LCMHS announced the initial discovery of network penetration. The files that were purportedly taken from LCMHS systems have also been made public by Hive. Bills of materials, cards, contracts, medical information, paperwork, medical records, scans, residents, and more are among the specified files. It is impossible to verify whether or not these files are genuine.
It is advised to be on the lookout for incoming emails requesting you to provide personal information and financial data if you have previously received care from LCMHS. Additionally, keep an eye on your bank statements and notify your bank immediately of any questionable activity.