The hospital system of Louisiana State University (colloquially known as LSU) has experienced a cyberattack, another in a growing and worrisome line of incidents against health systems. This information became known publicly due to a press release from the LSU Health New Orleans Health Care Services Division. According to the press release, LSU became aware of a breach that gave access to an employee’s emails. The data accessed specifically was related to patients who had received treatment at the following hospitals:
- Lallie Kemp Regional Medical Center (Independence)
- Leonard J. Chabert Medical Center (Houma)
- W.O. Moss Regional Medical Center (Lake Charles)
- Earl K. Long Medical Center (Baton Rouge)
- Bogalusa Medical Center Bogalusa University Medical Center (Lafayette)
- Interim LSU Hospital (New Orleans)
LSU Health Care Services Division believes the intrusion began on Sept. 15 and ended about three days later. Why it took two months to notify patients most likely has to do with the ongoing investigation with law enforcement. It isn’t unheard of for federal investigators and local law enforcement to hold off releasing information until they have a relatively solid understanding of the cyberattack.
As far as the actual data in question, while none of the data is believed to have been used in the wild, LSU states that the following was open to being accessed by the unnamed intruders:
The type and amount of patient information varied by location of care and each email message but may have included: patients’ names; medical record numbers; account numbers; dates of birth; Social Security numbers; dates of service; types of services received; phone numbers; and/or addresses; and insurance identification numbers. A few contained a patient’s bank account number and health information including a diagnosis.
Especially in the time of this COVID-19 pandemic, hospitals have seen a massive spike in attacks. The stressed health-care system — namely its stressed workers — are being pushed to the brink. The last thing on their minds is cybersecurity protocols when they have lives to save during an outbreak.
This is what cybercriminals are banking on, and sadly, it is working. It certainly did with the LSU health system cyberattack.
Featured image: Pixabay