270,000 Patients Affected by Louisiana Hospital Ransomware Attack

270,000 Patients Affected by Louisiana Hospital Ransomware Attack

The Lake Charles Memorial Health System (LCMHS) is notifying thousands of patients who have gotten care at one of its medical facilities of a data breach. With a 314-bed hospital, a 54-bed women’s hospital, a 42-bed mental health hospital, and a primary care clinic for uninsured patients, LCMHS is the largest medical complex in Lake Charles, Louisiana.

According to the notification published on the LCMHS website, the cybersecurity issue happened on October 21, 2022, when the organization’s security staff discovered strange behavior on the computer network. An internal investigation completed on October 25, 2022, found that hackers had accessed the LCMHS network without authorization and had taken essential data.

The stolen patient data includes:

  • Full names
  • Dates of birth
  • Physical addresses
  • Patient identification numbers
  • Medical records
  • Payment information
  • Health insurance information
  • Social Security numbers (in some cases)
  • Limited clinical information regarding the received care

The LCMHS announcement makes it clear that the network invaders couldn’t access the organization’s computerized medical records.

“Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident,” per the notification. “We are offering individuals whose Social Security number may have been included with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.” – LCMHS

LCMHS informed the U.S. Department of Health and Human Services secretary about the event. According to the site for healthcare-related breaches, the problem has already affected 269,752 people. On November 15, 2022, the Hive ransomware organization added LCMHS to its list of data leaks, which usually happens after unsuccessful attempts to negotiate a ransom payment.

It’s interesting to note that the hackers assert that the encryption happened on October 25, 2022, four days after LCMHS announced the initial discovery of network penetration. The files that were purportedly taken from LCMHS systems have also been made public by Hive. Bills of materials, cards, contracts, medical information, paperwork, medical records, scans, residents, and more are among the specified files. It is impossible to verify whether or not these files are genuine.

It is advised to be on the lookout for incoming emails requesting you to provide personal information and financial data if you have previously received care from LCMHS. Additionally, keep an eye on your bank statements and notify your bank immediately of any questionable activity.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.