Share this article on:
The LockBit ransomware gang has claimed an attack on US healthcare software organisation Capital Health, taking special care not to encrypt the systems to prevent putting patients at risk.
Capital Health is a provider of integrated healthcare systems and is based in New Jersey. It has over 1,000 staff.
The attack was first detected in November, with the company experiencing network outages all throughout last month.
“Capital Health experienced network outages towards the end of last month due to a cyber security incident; something we know is also being experienced at other healthcare organisations across the country,” the company said.
“At this time, all services are available at our facilities, all systems have been restored, and all operations have returned to normal.”
Following the discovery of the attack, Capital Health launched an investigation, notified third-party experts and law enforcement, and sought to mitigate further damage.
Capital Health has since restored its services to normal but is unable to confirm what data was compromised and how many customers, if any, have been affected by the breach.
“We are currently working with a forensic investigation firm to assess the risk to patient and employee data. We will provide more information as soon as it is available,” added Captial Health.
The LockBit ransomware gang has said it is responsible for the attack, having listed the company on its dark web leak site.
“We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s all you need to know about this hospital,” the group said.
Interestingly, LockBit has avoided encrypting the hospital’s data as is common in ransomware attacks.
“We purposely didn’t encrypt this hospital so as not to interfere with patient care,” the group wrote.
Despite its care for Capital Health’s patients, LockBit is still holding the organisation’s data to ransom and has set a deadline for payment for 9 January.
Alongside the files, LockBit has also listed that a chat history, assumingly between it and Capital health, will be released.