Lake Charles Memorial Health System

Hive hacked the Lake Charles Memorial Health System (LCMH)’s network for 12 days.

It had exfiltrated 270 GB of files including patient and employee data.

A sample of files was attached to the email as proof of claims.

Hive demanded $900,000 to delete all files and provide them with information on their vulnerabilities.

The leak included protected health information on patients, such as a folder with 5,834 files for patients using the mammography service in 2022.

Other folders contained internal documents, such as files relating to a previous HIPAA breach inquiry, and yet other folders and files contain personnel information on employees.

It also contained files on personnel information and a folder with 664 files on individual employees with their personal and personnel information.

Source: https://www.databreaches.net/lake-charles-memorial-health-system-victim-of-cyberattack-and-data-leak-by-hive/

TPRM report: https://scoringcyber.rankiteo.com/company/lakecharlesmemorial

"id": "lak035251122",
"linkid": "lakecharlesmemorial",
"type": "Ransomware",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'Lake Charles Memorial Health System',
                        'type': 'Healthcare'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected health information',
                                              'Personnel information']},
 'description': 'Hive hacked the Lake Charles Memorial Health System (LCMH)’s '
                'network for 12 days, exfiltrating 270 GB of files including '
                'patient and employee data. A sample of files was attached to '
                'the email as proof of claims. Hive demanded $900,000 to '
                'delete all files and provide information on their '
                'vulnerabilities. The leak included protected health '
                'information on patients, such as a folder with 5,834 files '
                'for patients using the mammography service in 2022. Other '
                'folders contained internal documents, such as files relating '
                'to a previous HIPAA breach inquiry, and yet other folders and '
                'files contain personnel information on employees. It also '
                'contained files on personnel information and a folder with '
                '664 files on individual employees with their personal and '
                'personnel information.',
 'impact': {'data_compromised': ['Patient data',
                                 'Employee data',
                                 'Internal documents']},
 'motivation': 'Financial',
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': '$900,000',
                'ransomware_strain': 'Hive'},
 'regulatory_compliance': {'regulations_violated': ['HIPAA']},
 'threat_actor': 'Hive',
 'title': 'Hive Ransomware Attack on Lake Charles Memorial Health System',
 'type': 'Ransomware'}