View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 7, 2023updated 10 Aug 2023 3:41pm

LockBit threatens to leak cancer patient medical data

The ransomware gang has allegedly hacked Varian Medical Systems, a healthcare company specialising in providing software for oncology departments.

By Claudia Glover

Ransomware gang LockBit has announced its intention to leak private medical data belonging to cancer patients after allegedly hacking Varian Medical Systems, a healthcare firm that provides software for oncology applications. According to the ransomware gang, Varian has until 17 August to enter into negotiations to retrieve what was stolen in the raid if it wishes to avoid ‘all databases and patient data’ being published on LockBit’s blog. 

Ransomware gang LockBit has threatened to publish sensitive corporate data and the private medical information of cancer patients that it has exfiltrated from Varian Medical Systems, a subsidiary of Siemens Healthineers, if the company does not engage in negotiations for the release of either within the next fortnight. (Photo by Sundry Photography / Shutterstock)

A subsidiary of Siemens Healthineers, Varian specialises in supplying diagnostic and therapeutic oncology services. As of 2021, the California-headquartered company posted an annual profit of £269m and employed over 10,000 staff. Though details have yet to emerge as to how LockBit breached Varian’s systems or how much data was exfiltrated, the ransomware gang warned readers of its so-called ‘victim blog’ that the company should expect to see its private databases and patient medical data published shortly if it did not enter into negotiations within two weeks. 

Such threats may form part of a ‘triple extortion’ strategy common to ransomware gangs, a three-part campaign against a company that begins with the theft of sensitive-looking data, which is then encrypted. That data is only returned and kept private if the corporate victim of the breach pays a ransom, whereupon they are provided – in theory – with a decryption key. It remains unclear, however, whether this is precisely the case with Varian. A statement provided to Tech Monitor by Varian’s parent company, Siemens Healthineers, confirmed that an internal investigation into the alleged breach is underway, but refrained from commenting further. “Siemens Healthineers is aware that a segment of our business is allegedly affected by the Lockbit ransomware group,” said a spokesperson. “Cybersecurity is of utmost importance to Siemens Healthineers, and we are making every effort to continually improve our security and data privacy.”

LockBit crime spree

Recent months have seen LockBit mount a series of disruptive cyberattacks against major companies. The first quarter of 2023 witnessed the gang attempt to breach 1,653 companies, according to a report by the US Cybersecurity and Infrastructure Security Agency, often repurposing freeware and open-source tools for use in network reconnaissance, remote access, tunnelling, credential dumping and file exfiltration.

Examples include LockBit’s recent campaign against the port of Nagoya, which ossified supply chains for Japanese carmaker Toyota, an attack against SpaceX that the ransomware gang claim resulted in a haul of 3,000 proprietary schematics, and an attempted extortion of Taiwanese chip manufacturer TSMC to the tune of $70m. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

If confirmed, this latest hack would be the third such incident in four months to hit the wider Siemens group. In April, Siemens Metaverse reported that sensitive data, including office plans and IoT devices, had leaked thanks to it being inappropriately secured. Then, in June, Siemens Energy was breached by Cl0p, a Russian ransomware gang, though in that case, the company reported that ‘no critical data has been compromised’. 

Read more: LockBit leaks more Royal Mail data after ransomware attack

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.