Updating the Lake Charles Memorial Health System data breach
On Oct. 25, the Hive ransomware team notified Lake Charles Memorial Health System that they had been in their system for 12 days and had exfiltrated 270 GB of the hospital, employee, and patient data. As Hive informed the health system and DataBreaches, Hive had exfiltrated data but not locked it. They demanded $900,000 to delete all the data they had exfiltrated and to inform LCMH of the vulnerabilities that allowed Hive to successfully attack them.
Lake Charles appeared to negotiate with Hive for a while but then ceased contact. Hive started dumping the data in mid-November, including employee and patient records.
On Dec. 22, Southwest Louisiana Health Care System (dba Lake Charles Memorial Health System) notified HHS that the incident affected 269,752 patients. The number of affected employees not included in the patient count has yet to be revealed.