LockBit ransomware gang claims the attack on Capital Health

The LockBit ransomware gang claimed responsibility for the cyber attack on the Capital Health hospital network.

The LockBit ransomware operation has claimed responsibility for the cyberattack that hit the Capital Health hospital network in November 2023.

Capital Health Regional Medical Center is a member of Capital Health System. Located in Trenton, New Jersey, Capital Health Regional Medical Center, is a regional academic medical center and state-designated trauma center that cares for both complex and routine cases. The William McKinley Memorial Hospital was the outgrowth of a movement to establish a homeopathic dispensary.

In November, the hospital network suffered an IT systems outage following a cyberattack. The healthcare organization notified law enforcement and hired third-party forensic and information technology experts to assist. It also announced additional security measures to protect its infrastructure.

Now the Lockbit ransomware group added Capital Health to the list of victims on its Tor data leak site and threatens to leak the stolen data on January 09, 2024, 17:48:59 UTC. The gang announced its has stolen Over 7 terabytes of medical confidentiality data valued at $250,000.

The cybercriminal group clarified that its attacks do not disrupt patient care but are confined to data theft when targeting hospitals.

“We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s all you need to know about this hospital.” reads the message published by the gang on its leak site.

Capital Health Lockbit

Unfortunately, Lockbit affiliates continue to target healthcare organizations. Recently the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) announced it has suffered service disruptions at three hospitals (Bielefeld, Rheda-Wiedenbrück, and Herford) after a Lockbit ransomware attack. The security incident could have a serious impact on the local population due to the interruption of medical emergencies.The ransomware gang hit the KHO on Christmas Eve and gained access to specifically encrypted data, the organization revealed in a statement published on its website.

LockBit gang denied its involvement in the attack on KHO, likely another extortion group may have used the leaked ransomware builder.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

文 » A