The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers.
LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women’s hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens.
According to the announcement posted on the LCMHS site, the cybersecurity incident occurred on October 21, 2022, when the organization’s security team detected unusual activity on the computer network.
An internal investigation, concluded on October 25, 2022, revealed that hackers had gained unauthorized access to LCMHS’ network and stolen sensitive files.
These files contained patient information such as:
- Full names
- Physical addresses
- Dates of birth
- Medical records
- Patient identification numbers
- Health insurance information
- Payment information
- Limited clinical information regarding the received care
- Social Security numbers (in some cases)
LCMHS’ announcement clarifies that its electronic medical records were out of reach for the network intruders.
“Beginning December 23, 2022, we are mailing letters to patients whose information may have been involved in this incident,” reads the notification.
LCMHS reported the incident to the Secretary of the U.S. Department of Health and Human Services (HHS). The portal for healthcare-related breaches now reports that 269,752 individuals have been impacted by the incident.
Hive ransomware claims the attack
The Hive ransomware group listed LCMHS on its data leak site on November 15, 2022, a step that typically comes after failed negotiations for paying a ransom.
Interestingly, the hackers claim that the encryption took place on October 25, 2022, four days after LCMHS reported the first detection of the network intrusion.
Hive has also published the files allegedly stolen after breaching LCMHS systems.
The listed files include bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more. BleepingComputer could not confirm whether these files are authentic.
If you have received care at LCMHS in the past, it is recommended to stay vigilant for incoming communications asking you to give away personal information and payment data.
Also, you should monitor your bank statements and report any suspicious transactions to your bank immediately.