Southwest Louisiana Health Care System, Inc. d/b/a Lake Charles Memorial Health System
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In October 2022, the Southwest Louisiana Health Care System, operating as Lake Charles Memorial Health System (LCMHS), experienced a significant data breach affecting approximately 270,000 patients. This cyberattack exposed a wide range of sensitive patient information, including medical records, insurance details, and Social Security numbers for some individuals. The breach was part of a cyberattack executed by the Hive ransomware group, which claimed responsibility for the incident. The attack was detected on October 21, 2022, when LCMHS’s IT team noticed unusual activity on their network. An internal investigation revealed that an unauthorized third party had accessed and potentially obtained files containing patient names, addresses, dates of birth, medical record or patient identification numbers, health insurance information, payment information, and limited clinical information regarding care received at LCMHS. In some cases, patients’ Social Security numbers were also compromised.
Following the discovery of the breach, LCMHS reported the incident to the Department of Health and Human Services on December 22, 2022, and began mailing data breach notifications to affected patients on December 23, 2022. The notifications informed patients of the breach and the types of information that may have been compromised. LCMHS also offered credit monitoring and identity theft protection services to patients whose Social Security numbers may have been obtained.
The breach has led to legal action, with a class action lawsuit filed by Milberg attorneys on behalf of affected patients, alleging that LCMHS failed to adequately protect their personally identifiable information (PII) and protected health information (PHI). The lawsuit claims that victims of the breach are likely to face ongoing issues related to the unauthorized use and sale of their information, which could lead to identity theft, fraud, and other damages.
This incident is part of a larger trend of cyberattacks targeting healthcare organizations, which are particularly vulnerable due to the valuable nature of medical data. Healthcare data breaches have become increasingly common, with the healthcare industry being the most attacked due to the profitability of medical data on the black market[1][2][6][7][11][12][13][15].
Citations:
- https://milberg.com/news/lake-charles-memorial-health-data-breach-lawsuit/
- https://www.kplctv.com/2023/01/05/memorial-sending-out-letters-those-affected-by-data-breach/
- https://www.newsweek.com/rankings/americas-best-state-hospitals-2024
- https://www.businesswire.com/news/home/20230209005563/en/Federman-Sherwood-Investigates-Lake-Charles-Memorial-Health-System-for-Data-Breach
- https://kffhealthnews.org/news/hospital-penalties/readmissions/
- https://www.hipaajournal.com/lake-charles-memorial-health-system-cyberattack-affects-almost-270000-patients/
- https://www.cnn.com/2022/12/28/politics/hackers-access-data-louisiana-hospital-system-ransomware/index.html
- https://www.thelyonfirm.com/blog/lake-charles-memorial-health-data-breach-investigation/
- https://www.jdsupra.com/legalnews/lake-charles-memorial-health-system-1024289/
- https://healthitsecurity.com/news/louisiana-health-system-notifies-270k-of-healthcare-data-breach
- https://www.bankinfosecurity.com/hive-ransomware-hits-louisiana-hospitals-leaks-patient-data-a-20823
- https://www.lcmh.com/cybersecurity/
- https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients/
- https://www.upguard.com/security-report/lake-charles-memorial-health-system
- https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/