money Lehigh Valley Health Network hit by cyber attack. Here's the patient info hackers stole
One of the largest health care networks in Pennsylvania has been hacked and the personal and medical data of more than 500 patients stolen by a Russian-based ransomware gang.
On Thursday, the Lehigh Valley Health Network (LHVN) first notified the public of an incident that allegedly occurred on Jan. 8 and was discovered early February.
The medical network said it believes hackers obtained some patients' email addresses, banking information, medical information and Social Security numbers. Information was obtained using the BlackCat ransomware program and the hospital is offering some patients 24 months of free identity theft projection.
Exclusive: District emails refute Central Bucks board member 'Nazi' allegations. Here's what they say
Caught on video: Man, 84, faces charge in fatal hit and run in Doylestown
What is the BlackCat virus?
Hackers believed to operate out of Russia have been using the BlackCat virus to steal data since at least November 2021, according the FBI. BlackCat is considered one of the most sophisticated hacking programs ever developed.
Using BlackCat, cybercriminals steal information on electronic networks and typically request millions of dollars in either Bitcoin and other online currencies, according to the FBI. Law enforcement has urged organizations not to pay ransoms because, they believe, it will only encourage future attacks.
Hackers using BlackCat tend to target drugmakers and hospitals, officials said. The program is known disable security features in a victim's computer network. The system can shutdown security features on programs such as Microsoft Word, Microsoft Exchange, and various data servers.
The federal government estimates at least 140 ransomware attacks as of December using BlackCat with about a one-third attacking organizations in the U.S.
Who was affected by the Lehigh Valley Health Network hack?
After several months of investigation, the Lehigh Valley Health Network said it is still not certain how many patients were affected. In a statement, LHVN said "more than 500" had their personal and medical data stolen.
LVHN operates a medical center in Quakertown. The network also has hospitals in Carbon, Lackawanna, Lehigh, Luzerne, Monroe, Northampton, and Schuylkill counties. The medical network operates community clinics, homecare, and hospice services throughout the state.
Based in Allentown, LVHN can treat as many of 1,529 patients at one time, according to the American Hospital Association.
How do I protect against hackers?
LHVN said it will provide two years of identity protect services via Experian's Identity Works system for those who may have been affected. To learn more about that program, call 833-957-2619.
The Federal Communications Commission and FBI have released strategies to protect against hacking. Here are some of the suggestions:
Make sure your phone is password protected and set to automatically "lock" when not in use
Always download the latest updates to your smartphone as these often include new security features
Regularly check for available updates to your computer's operating system including security updates
Never click on links or attachments in emails if you do not know the person who sent the email
Use strong passwords and consider a password manager
Do not use public charging stations at airports, hotels and shopping centers which can contain viruses
Never conduct personal business on a shared computers at libraries or hotel business centers
Never conduct private business or make purchase while on public WiFi networks. Your activities on that free WiFi at Starbucks is not private.
This article originally appeared on Bucks County Courier Times: Lehigh Valley Health Network hit by BlackCat cyberattack, data stolen
