It all started in October, but the incident became known only now.
According to a press release from the Lake Charles Memorial Medical Complex (LCMHS), it all began on October 21 when the LCMHS security team detected "unusual activity" on its computer network. An internal investigation was then conducted and a few days later it was determined that the hackers had gained unauthorized access to the hospital's network and then stolen confidential files.
According to representatives of the complex, the stolen files contained information about patients:
Dates of birth;
Information about medical insurance and its payment;
Clinical information about the treatment of patients;
Social security numbers.
LCMHS emphasizes that hackers have not gained access to the electronic medical record, and letters are already being sent to all affected patients. In addition, it became known that the incident affected 269,752 people.
And although members of the Hive group claim that the incident occurred on October 25, LCMHS specialists reported the intrusion into the network on October 21. In addition, the cyber-ransomware added the hospital to the list of victims on November 15, 2022, which usually occurs after unsuccessful ransom negotiations. In addition, the attackers posted allegedly stolen files on the site. It is not yet clear if they are genuine.
LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women's hospital, a 42-bed behavioral health hospital, and an acute care clinic for uninsured US citizens.