As if having, and battling a cancer is not bad enough, a number of cancer patients at a U.S. hospital are having their "nude" photos leaked to the internet by Russian hacker group.
It all began when hackers from the group ALPHV, also known as BlackCat, managed to breach the system of Lehigh Valley Health Network, a health network based in Allentown, and plant a ransomware.
The hacker group that is known for its association with Russia, is known for targeting academia and healthcare in the past, demanded LVHN to pay the ransom.
According to the U.S. Department of Health and Human services back in January, BlackCat demanded ransoms as high as $1.5 million.
"Our blog is followed by a lot of world media; the case will be widely publicized and will caused significant damage to your business," the ransom note reads. "Your time is running out. We are ready to unleash our full power on you!"
LVHN refused to pay, and the hackers retaliate.
The hackers, which managed to steal information and personal data related to its patients, started leaking "nude" photos of patients.
According to the hospital system, the photos in question were stolen photos, and are "clinically appropriate."
And according to reports, they included three screenshots of female cancer patients receiving radiation oncology treatment at LVPG Delta Medix.
All of whom were undressed breast cancer patients who undergone treatment planning and surgical purposes for the cancer.
The hacker group also stole seven documents containing information about the patients.
"Our initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information. BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and healthcare sectors," LVHN said on its website.
“This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” the health network said in a prepared statement to the local news website.
It's worth noting that the data breach occurred within the LVHN, which consists of 13 hospitals and several clinics, as well as physician practices in eastern Pennsylvania.
And its LVHN Cancer Center is the fourth largest in Pennsylvania and cares for more than 2,000 new patients each year.
March 5th: ALPHV ransomware group began leaking photos of topless female breast cancer patients.
March 14th: Patients effected by the ALPHV ransomware attack filed a class action lawsuit against the hospital.
Information via: @AlvieriD
More info: https://t.co/I00mGlc3EY— vx-underground (@vxunderground) March 14, 2023
While LVHM did a good thing by not paying hackers, the healthcare is seen as careless in protecting patients.
For this reason, a lawsuit was filed against LVHN over its failure in protecting patient information.
The lawsuit was filed by a cancer patient from Dunmore, Lackawanna County, identified only as Jane Doe to protect her identity, and any other affected patients.
It also added that the data breach was "preventable" and "seriously damaging."
The lawsuit characterizes LVHN as having prioritized money over patient privacy by refusing to pay the hackers to keep the pictures private.
"While LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and internationally ignoring the real victims: Plaintiff and her Class," the lawsuit claims, referring to the victim from Dunmore
The filing claims that LVHN was negligent in its protection of sensitive information.
The suit was filed in Lackawanna County, where the victim lives.
The health network has previously called the cyberattack “despicable” and an “unconscionable criminal act (that) takes advantage of patients receiving cancer treatment.”