LockBit3.0 claims to have hit CapitalHealth.org in New Jersey. In a listing posted on their site on January 7, the threat actors write, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s all you need to know about this hospital.”
There is no proof of claims posted to support their claim that they stole over 10 million files and over 7 TB of “medical confidentiality data valued at $250,000.” There is a January 9 deadline to pay.
For its part, Capital Health issued a notice on its website that refers to “network outages” and a “cybersecurity incident. They make no mention of any extortion attempt or that a known group has claimed responsibility for the attack and threatened to leak confidential patient data.
Information Technology Security Incident
Capital Health experienced network outages towards the end of last month due to a cybersecurity incident; something we know is also being experienced at other health care organizations across the country. At this time, all services are available at our facilities, all systems have been restored, and all operations have returned to normal.
At the end of November, Capital Health became aware of a cybersecurity incident impacting its systems. Capital Health’s Information Technology team immediately began to assess the situation, safeguard data, and work to regain system functionality.
What did we do to correct the situation?
Capital Health immediately notified and engaged law enforcement and third party forensic and information technology experts to assist. Capital Health’s IT team took additional security measures to protect systems and worked around the clock to recover and restore our systems.
Do we know what data has been exposed, and is my patient, employee, or financial data compromised?
We are currently working with a forensic investigation firm to assess the risk to patient and employee data. We will provide more information as soon as it is available.
What impact is there to patient care at your hospitals?
All health care services are available at Capital Health and all systems have been restored.