Personal data from 270,000 patients was leaked in Louisiana hospital cyberattack

The personal information of nearly 270,000 patients – including Social Security Numbers – was leaked in an October cyberattack on the largest hospital in Lake Charles, Louisiana, the facility announced this week.

In a breach notification letter sent to victims, Lake Charles Memorial Health System said cybercriminals breached its systems on October 21 and “accessed or obtained certain files” from their systems. The hospital has more than 300 beds and a primary clinic for people without health insurance. 

“We reviewed these files and determined that some patient information was contained within them, which may have included patient names, addresses, dates of birth, medical record or patient identification numbers, health insurance information, payment information and/or limited clinical information regarding care received at LCMH,” the hospital explained

“In some limited instances, patients’ Social Security numbers were also included. LCMH’s electronic medical record was not accessible to the unauthorized party.”

Representatives from the hospital did not respond to questions about how many Social Security numbers were involved in the breach. But the hospital reported the incident to the U.S. Department of Health and Human Services on December 22 and said 269,752 people were affected. 

The hospital said law enforcement was contacted and independent experts were hired to handle the investigation. 

They began mailing breach notification letters on December 23 – noting that those who had their Social Security Numbers accessed are being offered credit monitoring and identity theft protections. It is unclear if that offer also extends to those who did not have their Social Security Numbers leaked, and the hospital did not respond to requests for comment. 

The hospital urged patients to look over statements from their health insurance provider to make sure they were not billed for any services they did not receive. 


A screenshot from the Hive leak site.

On November 15, the Hive ransomware group posted the hospital to its leak site. The group said it encrypted the hospital's systems on October 25, posting evidence like samples of contracts, patient documents and more.

The group has made a point of going after hospitals, taking credit for a ransomware attack on Partnership HealthPlan of California, a nonprofit that helps hundreds of thousands of people access health care in California.

The FBI spotlighted the Hive ransomware group in August 2021 after their members ransomed dozens of healthcare organizations last year. 

In 2021, Hive attacked at least 28 healthcare organizations, including Memorial Health System in Ohio and West Virginia, which was hit with a ransomware attack on August 15

The group was highlighted again this year in a security alert from the U.S. Department of Health and Human Services, with the agency calling the gang an “exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently.”

“The Hive ransomware group has been known to be operational since June of 2021 but in that time has been very aggressive in targeting the US health sector,” HHS experts said. 

“One report covering the third quarter of 2021 – just months after they began operating – ranks them as the fourth most active ransomware operators in the cybercriminal ecosystem.”

According to Recorded Future’s ransomware tracker, Hive is among the top ten most active ransomware groups operating currently. 

The group has brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022, according to a November joint report from several U.S. agencies.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.