Notorious ransomware group BianLian has claimed responsibility for a cyberattack that recently targeted Boston Children’s Health Physicians (BCHP).
It is not yet clear how much ransom is being demanded, or what the group’s deadline is. The BCHP confirmed on September 6 that it had identified unusual activity and on September 10 the systems were disabled due to unauthorized access detected within the network.
The compromised information allegedly included patient, employee and guarantor information, including social security numbers, medical record numbers, health insurance and billing information, as well as personally identifiable data such as full names and dates of birth.
BianLian crosses the line
The threat actor claims to have an unspecified amount of financial and HR data, as well as health records, insurance information and email correspondence relating to children treated by the organization.
Healthcare organizations are not immune to cyber attacks and have become one of the most popular targets for ransomware due to the sensitive nature of the data they hold and the high stakes of their operations.
While hospitals are not out of the question, attacking an organization that deals exclusively with children is quite rare, as most ransomware groups would consider it particularly morally egregious.
Last year, the infamous Lockbit group even issued a formal apology for attacking a children’s hospital in Canada, admitting that the attack violated its rules of engagement. After the incident, the group said in a statement that it had removed the affiliate and blocked him from the group.
Lockbit returned the decryptor for free and confirmed that it prohibits affiliates from encrypting endpoints whose operations are critical to saving patients’ lives.
Via BleepingComputer