The BianLian ransomware group has claimed the cyberattack on Boston Youngsters’s Well being Physicians (BCHP) and threatens to leak stolen recordsdata except a ransom is paid.
BHCP is a community of over 300 pediatric physicians and specialists working over 60 places throughout New York’s Hudson Valley and Connecticut, providing affected person care in clinics, neighborhood hospitals, and well being facilities affiliated with Boston Youngsters’s Hospital.
In line with the announcement BHCP revealed on its web site, a cyberattack compromised its IT vendor on September 6 and some days later BHCP detected unauthorized exercise on its community.
“On September 6, 2024, our IT vendor knowledgeable us that it recognized uncommon exercise in its programs. On September 10, 2024, we detected unauthorized exercise on restricted components of the BCHP community and instantly initiated our incident response protocols, together with shutting down our programs as a protecting measure.” – BHCP
The investigation that adopted, carried out with the assistance of a third-party forensic skilled, confirmed that the menace actors had gained unauthorized entry to BHCP programs and in addition exfiltrated recordsdata.
The publicity impacts present and former staff, sufferers, and guarantors. The uncovered information contains the next, relying on the data prospects offered to BHCP:
- Full names
- Social Safety numbers
- Addresses
- Dates of delivery
- Driver’s license numbers
- Medical file numbers
- Medical health insurance info
- Billing info
- Remedy info (restricted)
BHCP clarifies that the cyberattack didn’t affect its digital medical file programs, as they’re hosted on a separate community.
People confirmed to have been affected by the incident will obtain a letter from BHCP by October 25. Those that had their SSN and driver’s license uncovered may even obtain credit score monitoring and safety providers.
BianLian claims the assault
Earlier this week, the BianLian ransomware group claimed the assault by ading BHCP to their extortion portal.
The menace actors declare to have finance and HR information, e mail correspondence, database dumps, personally identifiable and well being data, medical health insurance data, and information associated to kids.
The menace actors haven’t leaked something but, and there’s no deadline for exposing the stolen info, indicating that they nonetheless anticipate to barter with BHCP.
Attacking kids healthcare organizations and stealing the info of minors is usually averted by ransomware teams, or a minimum of they declare so, however some menace actors lack the ethical pointers to attract the road at that.
Earlier this yr, the Rhysida ransomware group demanded a ransom fee of $3.6 million from Lurie Youngsters’s Hospital in Chicago after stealing 600GB of delicate information from its programs and inflicting operational disruptions that led to delays in medical care.