Hackers affiliated with the LockBit ransomware group have infiltrated medical systems manufactured by Varian, a Siemens Healthineers company, gaining access to patient data.

The attackers listed Varian on its leak website on August 7, and gave it a deadline of August 17 to negotiate a ransom to avoid "all databases and patient data" being published on LockBit’s blog,” reported Tech Monitor.

According to reports, the data impacted by the attack is confined to a single hospital in Seoul, South Korea.

In a statement to HCB News, a spokesperson for Siemens Healthineers, which acquired Varian in 2021, said the company is investigating the incident and has “comprehensive measures in place to mitigate cybersecurity risk."

LockBit did not publicly specify how much it was seeking from Varian for the return of its information, and it was not clear how it breached the network, or how much data it stole.

The attack is one of several that LockBit has recently launched within the healthcare industry. On August 17, it listed United Medical Centers as one of its victims, a healthcare provider in Southwest Texas which previously said it was “experiencing technical difficulties” with its network and “actively addressing the issue to restore normal operations as swiftly as possible,” according to Recorded Future News.

But Jon DiMaggio, chief security strategist at Analyst1 who infiltrated and communicated with members of the group, told Recorded Future News that LockBit’s backend infrastructure and lack of available bandwidth has made it harder to publish data and forced the organization to rely more heavily on its reputation to scare victims into paying ransoms rather than its actual capabilities.

“Affiliates are leaving LockBit’s program for its competitors. They know that LockBit is unable to publish large amounts of victim data, despite its claims,” he said.

Health IT Homepage