home website of the Lehigh Valley Health Network

Breast cancer photos published by ransomware gang

The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients—calling them “nude photos”—to extort money from the Lehigh Valley Health Network (LVHN).

This has triggered a chorus of accusations from the cybersecurity community, with some labeling the group as “barbarians” and others saying the group is “exploiting and sexualizing breast cancer“.

The leak page for data stolen from the Lehigh Valley Health Network. Apart from the clinical photos, ALPHV also leaked sensitive, personally identifiable information on passports and questionnaires.

“This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” LVHN spokesman Brian Downs said, Lehigh Valley News reported.

LVHN had previously said it fell victim to a BlackCat ransomware attack on February 20. The Network initially detected an intrusion within its IT systems on February 6 and said that initial analysis showed the attack was on a network supporting one physician practice located in Lackawanna County.

The ransom amount has never been made public, but we know that the Network decided not to pay ALPHV anyway. Lehigh’s website has remained offline since the attack.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.

Have a question or want to learn more about our cyberprotection? Get a free business trial below.



Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.