Patients of a Pennsylvania-based healthcare group recently became the unfortunate victims of a cyberattack by a Russian-speaking ransomware group. 

The data breach occurred within the Lehigh Valley Health Network (LVHN), which includes 13 hospitals and several clinics and physician practices in eastern Pennsylvania. Patients’ confidential information, including photos of undressed breast cancer patients used for treatment planning and surgical purposes, was infiltrated by the BlackCat gang in early February, according to a public statement by LVHN President and CEO Brian A. Nester, DO, MBA. 

The statement indicates that on Feb. 6, the LVHN IT team detected unauthorized activity within their system, prompting an immediate investigation. Further analysis determined the ransomware attack was localized to a network supporting a single physician practice in Lackawanna County. As of the time of Nester’s statement, the attack had not interfered with operations. 

The BlackCat group, which has targeted several other victims in the healthcare industry, demanded payment for the safe return of patients’ confidential data, even posting threats to expose the information on its site recently.  

"We have been in your network a long time and have had time to study your business," the group wrote. "We have stolen your confidential information and are ready to publish it." 

According to reports, the group has shared screenshots of patient diagnoses and photos of breast cancer patients undressed from the waist up. 

Nester revealed that the breach involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.”  He stated that BlackCat has demanded a ransom payment, but that LVHN has no intention of paying the “criminal enterprise.” 

LVHN has continued to operate without disruption following the incident, though its investigation is ongoing.