BlackCat Hackers Denied Ransom in Attack on Leigh Valley Health Network

The notorious BlackCat hackers have been denied ransom after they attacked Leigh Valley Health Network but, according to its CEO, failed to disrupt operations.

Lehigh Valley Health Network (LVHN) is a healthcare organization based in Allentown in the Lehigh Valley region of the state of Pennsylvania.

It currently operates eight hospital campuses, physician practices, clinics, testing and imaging centers, health centers and urgent care locations.

A weak link

LVHN detected unauthorized activity in its IT network on Feb. 6, according to local newspaper The Morning Call.

A physician practice in Lackawanna County was apparently the epicenter of the attack, as LVHN President and CEO Brian A. Nester told reporters Monday.

“Lehigh Valley Health Network has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia,” Nester said. “As of today, the attack has not disrupted LVHN’s operations. Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”

Sensitive information potentially leaked

Nester said LVHN is working closely with cybersecurity experts to evaluate what information, if any, was downloaded or compromised in any way. The healthcare network plans to notify affected individuals as soon as it understands more about any risks to data security.

LVHN’s initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.

“Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” Nester said.

Denied ransom

Nester said BlackCat operators demanded a ransom. While the exact demands remain unspecified, Nester made it clear that LVHN rebuffed the attackers.

The healthcare network’s website and social feeds make no mention of the attack at the time of this writing.

BlackCat operators in the feds’ spotlight

A report by the FBI recently painted BlackCat as a fearsome operation responsible for dozens of attacks on high-profile targets, including many based in the US. The fed offers a summary of the hacking operation, indicators of compromise, as well as technical details and mitigations to help system administrators faced with a possible attack by the nefarious hacking crew.

BlackCat is notably the first ransomware family written in the Rust programming language which helps it evade detection by some traditional security solutions.