NetWalker ransomware group claims credit for cyber-attack against Lorien Health Services

Elderly healthcare provider Lorien Health Services hit by data breach

Lorien Health Services, a Maryland-based operator of nursing and assisted living facilities for elderly patients, has disclosed a data breach linked to the NetWalker ransomware gang.

Attackers may have gained unauthorized access to the personal information of around 47,800 individuals, according to a breach notification sent to the Secretary of Health and Human Services.

A letter (PDF) sent on July 16 to the Attorney General of New Hampshire (three New Hampshire residents were potentially affected) on behalf of Lorien said that the stolen data may have included names, addresses, social security numbers, dates of birth, and diagnosis and treatment information.

NetWalker breach

The healthcare organization said data on its network had been encrypted by ransomware on June 6.

A subsequent investigation determined on June 10 that personal information may have been accessed during the incident.

Ransom Leaks, which scours the dark web for the nefariously obtained spoils of ransomware attacks, tweeted on June 13 that the NetWalker group had shared admission records and directory listings as proof that they had hacked Lorien.

The post also claimed that the gang was threatening to leak the data in six days if the ransom wasn’t paid. Ransom Leaks told The Daily Swig that the gang has since leaked 150MB worth of files, and provided screenshots that appear to show an admission record for a Lorien facility and a lengthy list of internal system folders.


Read more of the latest healthcare data breach and security news


Also known as Mailto, the NetWalker threat group emerged in mid-2019 and is notorious for threatening to leak sensitive data if hefty ransoms are not paid.

The gang has ruthlessly sought to exploit the Covid-19 pandemic, targeting hospitals in Spain in March then extracting $1.14 million from the University of California San Francisco, which is working on a vaccine, in June.

Credit monitoring

Delivered through 10 healthcare facilities across Maryland, Lorien’s services are aimed at seniors and include assisted living, ventilator care, and hospice care.

Like many nursing homes across the US, Lorien has also had to tackle Covid-19 outbreaks at its facilities in recent months.

The organization said it had notified the FBI, and offered potentially affected residents 12 months of complimentary credit and identity monitoring services.

“In addition to restoring its system, Lorien has implemented enhanced security measures to minimize the likelihood that an event like this might occur again in the future,” the healthcare operator said.

The Daily Swig has contacted Lorien and cybersecurity experts for further comment.


RELATED LibreHealth medical records app exposes sensitive patient data