LockBit claims November attack on New Jersey hospital that disrupted patient care

The LockBit ransomware gang took credit for a November attack on a hospital system that forced multiple facilities in New Jersey and Pennsylvania to cancel appointments and operate without patient files.

This weekend, LockBit posted Capital Health to its extortion website, threatening to leak seven terabytes of stolen data from the company.

The gang claimed it only stole data from one hospital controlled by Capital Health — Regional Medical Center in Trenton — and did not encrypt the hospital systems "so as not to interfere with patient care."

But in November, the hospital said it experienced network outages because of the attack and was forced to enact emergency protocols to continue helping patients. Its emergency rooms were able to stay open but several elective surgeries were moved to later dates and outpatient radiology appointments were canceled.

Neurophysiology and non-invasive cardiology testing were also rescheduled while the hospital spent more than a week operating with “system limitations.”

Capital Health provided a brief update in December that all systems were restored and that they are in the process of assessing “the risk to patient and employee data.”

The organization did not respond to requests for comment about the data being sold by LockBit. The ransomware gang put a deadline of January 9 for the ransom to be paid.

Despite internal gang rules prohibiting attacks on hospitals, LockBit members continued their streak of targeting healthcare facilities. The gang caused outrage after launching an attack against Toronto’s Hospital for Sick Children, Canada's largest pediatric health center, during the Christmas season in 2022.

Ransomware attacks on hospitals continue to cause widespread problems for the healthcare industry, forcing multiple facilities to divert ambulances, cancel appointments and more.

But one of the biggest issues is the data stolen from healthcare facilities, which often include sensitive information like Social Security numbers and clinical photos.

In an incident two weeks ago, a ransomware gang used data stolen from a prominent cancer center based in Seattle to extort patients individually.

Several data theft incidents have been reported by healthcare companies over the last two weeks. North Kansas City Hospital warned last week that hackers had breached the systems of an outside vendor and stolen information on health insurance, demographics and clinical operations during a month-long security incident.

Right before Christmas, Oklahoma’s Integris Health warned customers that hackers were contacting patients after breaching company systems on November 28. Several customers said they had received emails from hackers attempting to extort them using data stolen from the non-profit hospital system.