cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

LockBit ransomware attack on US healthcare organisation avoids encrypting data to protect patients

The LockBit ransomware gang has claimed an attack on US healthcare software organisation Capital Health, taking special care not to encrypt the systems to prevent putting patients at risk.

user icon Daniel Croft
Mon, 08 Jan 2024
LockBit ransomware attack on US healthcare organisation avoids encrypting data to protect patients
expand image

Capital Health is a provider of integrated healthcare systems and is based in New Jersey. It has over 1,000 staff.

The attack was first detected in November, with the company experiencing network outages all throughout last month.

“Capital Health experienced network outages towards the end of last month due to a cyber security incident; something we know is also being experienced at other healthcare organisations across the country,” the company said.


“At this time, all services are available at our facilities, all systems have been restored, and all operations have returned to normal.”

Following the discovery of the attack, Capital Health launched an investigation, notified third-party experts and law enforcement, and sought to mitigate further damage.

Capital Health has since restored its services to normal but is unable to confirm what data was compromised and how many customers, if any, have been affected by the breach.

“We are currently working with a forensic investigation firm to assess the risk to patient and employee data. We will provide more information as soon as it is available,” added Captial Health.

The LockBit ransomware gang has said it is responsible for the attack, having listed the company on its dark web leak site.

“We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s all you need to know about this hospital,” the group said.

Interestingly, LockBit has avoided encrypting the hospital’s data as is common in ransomware attacks.

“We purposely didn’t encrypt this hospital so as not to interfere with patient care,” the group wrote.

Despite its care for Capital Health’s patients, LockBit is still holding the organisation’s data to ransom and has set a deadline for payment for 9 January.

Alongside the files, LockBit has also listed that a chat history, assumingly between it and Capital health, will be released.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.