The BianLian ransomware group has claimed the cyberattack on Boston Kids’s Well being Physicians (BCHP) and threatens to leak stolen information until a ransom is paid.
BHCP is a community of over 300 pediatric physicians and specialists working over 60 places throughout New York’s Hudson Valley and Connecticut, providing affected person care in clinics, group hospitals, and well being facilities affiliated with Boston Kids’s Hospital.
In line with the announcement BHCP printed on its web site, a cyberattack compromised its IT vendor on September 6 and some days later BHCP detected unauthorized exercise on its community.
“On September 6, 2024, our IT vendor knowledgeable us that it recognized uncommon exercise in its programs. On September 10, 2024, we detected unauthorized exercise on restricted components of the BCHP community and instantly initiated our incident response protocols, together with shutting down our programs as a protecting measure.” – BHCP
The investigation that adopted, performed with the assistance of a third-party forensic professional, confirmed that the risk actors had gained unauthorized entry to BHCP programs and likewise exfiltrated information.
The publicity impacts present and former staff, sufferers, and guarantors. The uncovered information contains the next, relying on the data clients offered to BHCP:
- Full names
- Social Safety numbers
- Addresses
- Dates of beginning
- Driver’s license numbers
- Medical document numbers
- Medical health insurance info
- Billing info
- Remedy info (restricted)
BHCP clarifies that the cyberattack didn’t influence its digital medical document programs, as they’re hosted on a separate community.
People confirmed to have been affected by the incident will obtain a letter from BHCP by October 25. Those that had their SSN and driver’s license uncovered may even obtain credit score monitoring and safety providers.
BianLian claims the assault
Earlier this week, the BianLian ransomware group claimed the assault by ading BHCP to their extortion portal.
The risk actors declare to have finance and HR information, electronic mail correspondence, database dumps, personally identifiable and well being data, medical insurance data, and information associated to kids.
The risk actors haven’t leaked something but, and there’s no deadline for exposing the stolen info, indicating that they nonetheless count on to barter with BHCP.
Attacking kids healthcare organizations and stealing the information of minors is often prevented by ransomware teams, or at the least they declare so, however some risk actors lack the ethical pointers to attract the road at that.
Earlier this yr, the Rhysida ransomware group demanded a ransom cost of $3.6 million from Lurie Kids’s Hospital in Chicago after stealing 600GB of delicate information from its programs and inflicting operational disruptions that led to delays in medical care.