LockBit ransomware hits another US healthcare firm, threatens to leak customer data

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

The operators of the notorious LockBit ransomware have assumed responsibility for a cyberattack against Capital Health hospital that took place in late November 2023. 

As reported by BleepingComputer, the group has added the healthcare institution to its data leak website and is threatening to release the stolen data soon, unless the ransom demand is met.

The group claims to have stolen 7TB of sensitive medical data in the attack.

Ethical questions

"We purposely didn't encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files," the threat actors said on the data leak site.

A ransomware attack is highly disruptive. It encrypts all of the data on the target system, rendering the entire infrastructure unusable until either a backup is restored, or a decryption key is obtained. Thus, encrypting key organizations, such as infrastructure operators, hospitals, and similar, could result in the loss of life, which then triggers DEFCON 1 for law enforcement.

Ransomware groups that target key infrastructure operators usually end up being dismantled by the police, as was the case with DarkSide which attacked Colonial Pipeline back in 2021.

LockBit, on the other hand, is a ransomware-as-a-service, where different affiliate groups can use the tool, as long as they comply with a few rules set up by the developers. One of the rules is not to mess with hospitals and key infrastructure organizations. In fact, when an affiliate targeted the Sickkids hospital for sick children in January last year, LockBit’s owners publicly apologized, delivered the decryptor for free, and cut ties with the affiliate. 

However, BleepingComputer reports that this rule is frequently broken, as was when the Katholische Hospitalvereinigung Ostwestfalen (KHO) in Germany, and the Carthage Area Hospital and Claxton-Hepburn Medical Center in upstate New York were attacked.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.