Lake Charles Memorial Health System (LCMHS) is notifying approximately 270,000 patients that their personal and medical information has been compromised due to a data breach.
LCMHS, a regional community healthcare system comprised of multiple facilities, identified the cyberattack on October 25 and began notifying affected patients on December 23.
Between October 20 and October 21, ‘an unauthorized third party’ gained access to LCMHS’s network, according to a notification on its website.
The attackers accessed and likely exfiltrated patient data from certain files, according to the healthcare provider.
The stolen files contained patient information including names, addresses, dates of birth, health insurance information, medical record numbers, patient identification numbers, payment data, and information about care received at LCMH. In some instances, Social Security numbers were also compromised.
On December 22, the healthcare provider informed the US Department of Health and Human Services that approximately 270,000 people were affected.
The Hive ransomware gang has already claimed responsibility for the incident, although LCMH has not disclosed the nature of the cyberattack it experienced.
On their Tor website, the hacking group bragged about the cyberattack, claiming to have exfiltrated from LCMH’s network various business files (bills of materials and contracts), medical records, file scans, and other forms of data.