Hackers leaked thousands of full frontal images of cancer patients online after a hospital system refused to pay a ransom.
The hackers gained access to the hospital’s computer network when an employee clicked a malicious link in an email.
The hacker installed malicious software on the computer network before downloading 1 terabyte of data, including personal information and medical records of thousands of cancer patients.
The hacker then contacted the hospital with a demand for payment in Bitcoin to be transferred to the hacker’s crypto wallet via an encrypted key.
When the hospital refused to pay the ransom, and instead contacted the news media, the hacker wrote in an email dated May 10:
“Because your hypocritical leadership has told the media that patient data comes first, but refuses to pay us, we will publish more confidential data every week. [Nude] pictures of patients and all their data, medical histories, databases, documents and the [like]… We’ll be doing this until we post a complete list of 1 [terabyte of data].
Silvia Garcia, a breast cancer survivor from Atlanta, said she’s horrified to think this could happen to her.
“To think that maybe my picture could have been there, thinking that a stranger saw that, is horrifying but infuriating, too,” Garcia said. “Why? Why would someone want to do that after we’ve been through so much?”
Patrick Kelley, founder of Critical Path Security, discovered the breach online. He said cancer patients should ask more questions during examinations, such as, “Do you have to take these photos?” “What are you going to do with these photos? How long are you keeping this data?”
At least one class action lawsuit has been filed against Lehigh Valley Health Network. The lawsuit claimed the hospital’s refusal to pay the ransom demand “prioritized money over patient privacy.”
Watch the video below.