The notorious BianLian ransomware group claimed the attack on Boston Children’s Health Physicians (BCHP) earlier this month. The group revealed that they would leak stolen files from the affected entity if it did not comply with their ransom demands.
This incident may have a significant impact, since BCHP is a network of over 300 pediatric physicians and specialists in 60 locations throughout New York’s Hudson Valley and Connecticut.
The ransomware attack could also indirectly impact people in need as the healthcare institution provides patient care in clinics, community hospitals, and health centres connected with Boston Children’s Hospital.
The Boston Children’s Health Physicians also explained on its website that a cyberattack breached its IT vendor last month, and they discovered the illegal activity on their network a few days later.
The institution then launched an investigation, which confirmed that the threat actors had acquired unauthorised access to BCHP systems and had exfiltrated data.
The BianLian ransomware group may have acquired various data from numerous individuals.
This alleged BianLian ransomware attack could impact current and past employees, patients, and guarantors. Further investigation also confirmed the data types stolen during the hack, which include full names, social security numbers, addresses, dates of birth, driver’s license numbers, medical record numbers, health insurance information, billing information, and treatment information (restricted).
Still, BCHP insisted that the cyberattack did not compromise its electronic medical record systems, since these are hosted on a separate network. The healthcare provider assured that potentially affected individuals will get a letter from BCHP by October 25.
People whose social security numbers and driver’s licenses were leaked will also receive credit monitoring and protection services.
On the other hand, the BianLian ransomware organisation claimed the attack by adding BCHP to its dark web extortion site. The threat actors asserted that they have acquired financial and HR data, email communications, database dumps, personally identifiable health records, health insurance records, and information about children.
The ransomware group has yet to expose anything, as it could be waiting for BCHP’s reply. The group did not set a deadline for the company before exposing the data, indicating that it intends to negotiate with BCHP.