These letters, according to a March 5 news release, are being delivered through the U.S. Postal Service and originating domestically.
The letters, allegedly from the Russian ransomware group BianLian, claim to possess a significant amount of sensitive patient health information and other personally identifiable data. The hackers warn they will publish the data unless a ransom is paid. However, they provide no proof of stolen information or contact details—only a ransom demand and payment method, according to the release.
The American Hospital Association said it has engaged with affected organizations and the FBI regarding the matter.