kras99 - stock.adobe.com

LockBit Ransomware Claims Capital Health Cyberattack

LockBit ransomware claimed responsibility for a November 2023 attack on Capital Health that resulted in system downtime.

Capital Health has restored all systems and operations in the wake of a November 2023 cyberattack that caused a network outage, it assured patients in a recent update. However, LockBit ransomware has since claimed responsibility for the attack.

As previously reported, Capital Health, which operates two hospitals in New Jersey and other regional care sites, experienced a network outage in November. The organization continued to care for patients at both hospitals, including emergency rooms, amid system downtime.

Bleeping Computer reported that LockBit listed Capital Health on its data leak extortion portal.

“We purposely didn’t encrypt this hospital so as not to interfere with patient care,” LockBit stated. “We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s all you need to know about this hospital.”

Even without encryption, the cyberattack resulted in network outages. Capital Health stated that it is currently working with a forensic firm to assess the risk to patient and employee data and will provide more information as it becomes available.

The Capital Health incident was one of several US healthcare organizations targeted during the holiday season. Ardent Health Services which owns 30 hospitals and 200 sites of care across six states, recently confirmed that it was hit by a ransomware attack on Thanksgiving Day, November 23.

Upon discovery, Ardent took its network offline and suspended all user access to its information technology applications, including Epic software, corporate servers, and clinical programs. In addition, Ardent hospitals in multiple states were forced to divert ambulances amid the disruptions.

As of December 21, Ardent had restored access to its patient portal and prompted users to reset MyChart passwords.

“As always, safely caring for patients remains our highest priority and we continue to provide care through all locations, including our hospitals, clinics and emergency rooms,” Ardent stated. “All non-urgent procedures have resumed and our teams are working directly with any impacted patients to reschedule appointments and ensure they receive the care they need.”

Next Steps

Dig Deeper on Healthcare data breaches