Lehigh Valley Health Network hit by cybersecurity attack targeting Delta Medix group

Feb. 20—A cybersecurity attack by apparent Russian hackers potentially compromised confidential images and information of an unknown number of Delta Medix patients, Lehigh Valley Health Network said Monday.

The attack was carried out by a ransomware gang known as BlackCat, which has been associated with Russia, Brian A. Nester, LVHN president and CEO, said in a statement.

While an investigation is ongoing, an initial analysis by the health care provider found the attack targeted the network supporting Lackawanna County-based Delta Medix, part of the Lehigh Valley Physician Group, LVHN officials said.

The incident involved a computer system used for "clinically appropriate" patient images for radiation oncology treatment and other sensitive information, according to the Allentown-based health network.

Nester said LVHN takes the breach seriously and called protecting the security and privacy of patients, physicians and staff critical.

The health care system cannot yet say whether any specific patient's personal or sensitive information was compromised "until we dig into this further" but will let those individuals know if it discovers that was the case, spokesman Brian Downs said.

"We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible," Nester said. "Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident."

BlackCat demanded a ransom payment, but LVHN refused to pay, Nester said.

As of Monday, the cyberattack had not disrupted LVHN's operations, he said.

An alert issued last month by the U.S. Department of Health and Human Services' Office of Information Security and Health Sector Cybersecurity Coordination Center identified BlackCat as a "relatively new but highly-capable" ransomware threat to health care providers.

First detected in November 2021, the group conducts "triple extortion," carrying out ransomware attacks while threatening to initiate distributed denial-of-service attacks and to leak stolen data to the public, HHS said. In it first four months, the group executed at least 60 attacks worldwide, the FBI reported.

Downs said LVHN is not releasing the amount of the ransom demanded by BlackCat.

According to HHS, the gang has demanded ransoms as high as $1.5 million in previous cybersecurity attacks against the health care sector.

LVHN detected unauthorized activity within its information technology system Feb. 6, Nester's statement said. Its technology team identified the activity, and LVHN immediately launched an investigation, engaged leading cybersecurity firms and experts, and notified law enforcement, including the FBI.

So far, only the portion of the LVHN network supporting the Delta Medix practice appears to have been attacked, Downs said.

"But the investigation is still ongoing and it could take a while before we determine that fully" he said. "At this point, we are not aware of any data that's been compromised outside of that."

Contact the writer: dsingleton@timesshamrock.com, 570-348-9132