Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach.
A regional community healthcare system consisting of several facilities, LCMHS identified the cyberattack on October 25 and started informing the impacted patients of the incident on December 23.
In a notification on its website, LCMHS says that ‘an unauthorized third party’ gained access to its network between October 20 and October 21.
The attackers accessed and likely exfiltrated certain files containing patient data, the healthcare provider says.
The stolen files contained patient information such as names, addresses, birth dates, health insurance information, medical record numbers, patient identification numbers, payment data, and details regarding care received at LCMH. Social Security numbers were also compromised in some cases.
On December 22, the healthcare provider informed the US Department of Health and Human Services that approximately 270,000 individuals were impacted by the incident.
While LCMH has not shared details on the type of cyberattack it fell victim to, the Hive ransomware gang has already claimed responsibility for the incident.
The hacking group boasted about the cyberattack on their Tor website, claiming to have exfiltrated from LCMH’s network various business files (bills of materials and contracts), medical records, file scans, and other types of data.