Lehigh Valley Health Network Details

    Organization Logo

    Lehigh Valley Health Network

    Allentown, Pennsylvania19000 employees • Healthcare

    United States

    Industry

    Healthcare

    Security Incidents

    1

    Lehigh Valley Health Network (LVHN) is a comprehensive healthcare system that provides a wide range of medical services, including acute care, primary care, specialist services, and community health initiatives. Before its acquisition by Jefferson Health in August 2024, LVHN operated independently, serving the Lehigh Valley metropolitan region in eastern Pennsylvania. LVHN is known for its large network of hospitals, numerous outpatient facilities, and various health programs aimed at enhancing the well-being of the community.

    Founded to cater to the growing healthcare needs of the Lehigh Val...
    Show more

    Security Incidents

    Lehigh Valley Health Network Breach of Jan 2023
    Severity Score
    High

    Type

    Ransomware Attack

    Summary

    On January 8, 2023, Lehigh Valley Health Network (LVHN) experienced a ransomware attack perpetrated by the Alphv/BlackCat ransomware group. The attackers deployed the ransomware in early February 2023, resulting in the significant theft of sensitive data, including personal information, medical records, treatment records, and clinical images of patients. Notably, some of the stolen data included nude photos of cancer patients, which were subsequently published on the hackers' leak site in March 2023.

    LVHN disclosed the breach in late February 2023 and notified potentially affected individuals...
    Show more

    Severity

    The LVHN incident was a sophisticated ransomware attack by the Alphv/BlackCat group that resulted in a substantial data breach. Attackers exfiltrated personal information, medical treatment records, and nude clinical images, causing severe emotional distress and privacy violations for over 130,000 patients and employees. With no critical systems taken offline, the incident's primary focus was the massive impact of the data breach, leading to significant legal repercussions and a $65 million class-action settlement agreement. This incident would be rated as a 9, "High" on the severity scale, du...
    Show more

    Impact

    The incident at Lehigh Valley Health Network (LVHN) was a sophisticated ransomware attack executed by the Alphv/BlackCat ransomware group. Unfortunately, this led to a significant data breach where attackers exfiltrated personal information, medical treatment records, and disturbingly, clinical images—including nude photos of cancer patients. The disclosure of such highly sensitive data not only compromised the privacy of over 130,000 patients and employees but also resulted in severe emotional distress for those whose nude photos were published online.

    Operationally, there is no indication t...
    Show more

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos