Vile Russian hackers leak 'naked' pics of cancer patients after PA hospital refuses to pay ransom
ALLENTOWN, PENNSYLVANIA: A Russian hacker network has been accused of publishing naked photos of cancer patients online after stealing them from a hospital network. The incident took place after the hospital refused to pay ransom. Lehigh Valley Health Network, which is a Pennsylvania-based consortium of 13 hospitals and 28 healthcare centers, said what the hackers did was an "unconscionable criminal act". The group responsible for the photo leak is known as ALPHV and is nicknamed 'BlackCat'. They are known to compromise data in a system and make monetary demands from the victims.
The healthcare company claimed on February 6 that they found unauthorized activity on their computer networks. They subsequently informed law enforcement. The hackers issued a statement months later, saying they had "been in your network for a long time" and had access to patient passports, questionnaires, personal data, and "nude photos".
READ MORE
FBI recovers over $2M out of $4.4M ransom paid to Colonial Pipeline hackers
ALPHV states in their message to Lehigh Valley Health Network that the photos of the cancer patients are nudes, suggesting they're pornographic (?).
— vx-underground (@vxunderground) March 5, 2023
ALPHV is exploiting and sexualizing breast cancer. pic.twitter.com/ei1LZ3CxyT
What did the hackers steal?
According to the healthcare company, the stolen information includes three screenshots, which they described as "clinically appropriate" photos of cancer patients receiving radiation oncology treatment. Seven documents containing patient information were also stolen, Lehigh Valley Live reported. The hackers published the data on the dark web when the hospital refused to comply with their ransom demands.
"Our blog is followed by a lot of world media, the case will be widely publicized, and will cause significant damage to your business," the hackers said. "Your time is running out. We are ready to unleash our full power on you." The amount of money the hackers demanded is unclear.
The Allentown, Pennsylvania-based company slammed the hackers' act as "despicable". "This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior," the company said. "We will provide notices as required to those whose information was involved."
Two other recent attacks
There have been other incidents involving Russian hackers in recent times. In January this year, Russian criminals launched a cyber-attack on Royal Mail, disrupting their overseas deliveries. The ransomware used was 'Lockbit', and according to computer security firms, the software was developed by criminal gangs with links to Russia, BBC reported. The company rejected a ransom demand for $80m, following which chat transcripts were released on the dark web, The Guardian reported. Royal Mail’s board later said in a statement to the hackers, "Under no circumstances will we pay you the absurd amount of money you have demanded. We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board.” Royal Mail eventually successfully restored almost all of its international services, but is still unable to accept new parcels bought at physical Post Office branches. Customers can still drop off items for which they have bought postage online.
In 2021, the Colonial Pipeline was the victim of a ransomware attack that led to some of the pipeline's digital systems getting infected. The shutdown affected several consumers and airlines along the East Coast. The FBI confirmed that a hacker group identified as DarkSide accessed the Colonial Pipeline network and stole 100 gigabytes of data, according to Bloomberg. Colonial Pipeline paid a ransom of 75 bitcoin ($4.4 million), but 63.7 bitcoin (approximately $2.3 million) was later recovered by the Department of Justice.