By July 1, word was circulating that the Baton Rouge General Medical Center in Louisiana had been hit by ransomware. A copy of the ransom note shared with DataBreaches pointed clearly to the Hive group, but when asked about it, Hive’s spokesperson claimed that DataBreaches had “incorrect info.”
Since then, the medical center has not replied to inquiries by multiple sources about the breach, including inquiries by DataBreaches. But it has also not shown up on Hive’s dedicated leak site which can mean one of a few things: (i) BRG paid the ransom, (ii) they are negotiating to pay ransom, or (iii) Hive is just giving them more time before they add them to the leak site.
Hive did not respond to an updated inquiry sent to them this week, but someone with knowledge of the incident did share some information with DataBreaches on background. According to that person, BRG refused all assistance from or cooperation with the state’s fusion center, local police, state police, and federal law enforcement.
Patient services were “definitely” impacted, this individual stated, explaining that patients had been diverted to other hospitals and patient records had been lost. In addition, BRG provides lab service to numerous facilities in the area and all of those were down as well, the individual stated.
DataBreaches does not know if those impacts are ongoing at this point or if any of the functions or services have been restored. There is no notice on BRG’s website to alert patients to any disruption in services and if they have issued any press release or statement, this site has not yet found it.
This post will be updated if BRG does respond to inquiries.