LockBit Claims Attack on Capital Health with Data Leak Ultimatum

The LockBit ransomware operation has asserted its involvement in a cyberattack on the Capital Health hospital network, placing the New Jersey-based healthcare service provider at risk of a data leak. Capital Health, which manages two major hospitals and multiple satellite clinics in New Jersey and parts of Pennsylvania, experienced an IT systems outage following the cyber incident, with a warning that its operations would be impacted for at least a week.

Capital Health’s recent updates suggest that all systems have been restored, and operations have returned to normal. The organization has also implemented additional security measures to prevent similar incidents from occurring in the future. However, ongoing investigations are being conducted to determine whether any data was pilfered during the cyberattack.

The LockBit ransomware gang has now escalated the situation by claiming responsibility for the attack on Capital Health and listing the healthcare company on its data leak extortion portal. In a menacing move, the cybercriminals assert that they have seized seven terabytes of sensitive medical data, threatening to release the stolen data and negotiation chats tomorrow if the organization fails to meet their ransom payment demands.

LockBit has an affiliate rule under which hackers associated with the operation may steal data from hospital networks for extortion purposes, but without encrypting files on those networks. Despite previous deviations from this policy by affiliates, the LockBit operation states that, in the Capital Health attack, they intentionally refrained from encrypting the organization’s files, focusing solely on data exfiltration.

The ransomware gang justifies their actions by stating, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files.” This departure from the conventional approach of encrypting files highlights LockBit’s distinct strategy within the ransomware landscape.

While many ransomware groups adhere to strict policies against targeting healthcare service providers, the LockBit operation has repeatedly targeted healthcare networks, including notable incidents involving SickKids children’s cancer hospital, the Katholische Hospitalvereinigung Ostwestfalen (KHO) in Germany, and the Carthage Area Hospital and Claxton-Hepburn Medical Center in upstate New York.

The emergence of ransomware attacks adopting a pure data-theft approach poses challenges, as it creates a deceptive sense of “harmless” cyberattacks. Despite the absence of encryption, such attacks can still result in system outages, catastrophic data breaches affecting individuals who received care in targeted hospitals, and substantial financial losses for institutions already grappling with underfunding or economic strain.

As LockBit ransomware poses a potent threat to organizations like Capital Health, robust cybersecurity measures become paramount. Regularly updating and patching systems can close potential vulnerabilities, minimizing the risk of ransomware infections. Organizations can also implement strong access controls, including multi-factor authentication, to add a further layer of defense against unauthorized access.