ALPHV crooks leak Lehigh Valley Health Network patient data


In a bid to push Lehigh Valley Health Network (LVHN) into paying the demanded ransom, cybercriminals have posted stolen photos of cancer patients.

No lows are low enough for digital extortion gangs. In the latest example, Russia-linked ransomware syndicate ALPHV (BlackCat) opted to leak cancer patient data and photos, to blackmail the US healthcare network into meeting the gang’s ransom demand.

The gang published what appears to be LVHN patient data and photos of likely breast cancer patients on its blog, which is used to post victim details. ALPHV further threatened the healthcare network, saying it would publish additional data.


The rash action from the ransomware cartel is likely an indication of desperation. Ransomware groups publish snippets of stolen data as part of the double-extortion tactic: crooks steal data and then threaten to publish sensitive information if their demands are not met.

[Image: ALPHV leak announcement. Image by Cybernews]

In late February, LVHN, a Pennsylvania-based healthcare provider, announced that the ALPHV syndicate had targeted it. However, the organization said it refused to succumb to threats from the ransomware gang.

Law enforcement agencies advise against paying ransom demands, as there is no guarantee that threat actors will provide a decryptor to unlock the stolen data. Moreover, paying the ransom encourages other syndicates to target the same organizations, since victims have shown they are worth the hacking time.

ALPHV ransomware was first observed in 2021. According to the FBI, money launderers for the ALPHV cartel are linked to the DarkSide and BlackMatter ransomware cartels, indicating the group has a well-established network of operatives in the RaaS business.

Like many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling criminals malware subscriptions.

Data analyzed by the researchers at cybersecurity firm Malwarebytes show that ALPHV was the second most active gang in February, with 23 confirmed victims.

According to deep-web watchdog Darkfeed, ALPHV ransomware has listed 296 victims on its leak site to date. However, ransomware gangs don’t name all their victims, meaning the real number may be significantly larger.
