Ransomware gang BianLian claims cyber attack on Boston Children’s Health Physicians

Ransomware gang BianLian has added Boston Children’s Health Physicians (BCHP) to its data leak site. It alleges that a variety of data, including children’s data and health insurance records, was stolen.

BCHP began issuing data breach notifications at the beginning of October. In these letters it said names, Social Security numbers, addresses, dates of birth, and/or driver’s license numbers were affected. It also posted a notice on its website confirming a cyber attack had occurred on September 10, 2024.

The notice reads:

On September 6, 2024, our IT vendor informed us that it identified unusual activity in its systems. On September 10, 2024, we detected unauthorized activity on limited parts of the BCHP network and immediately initiated our incident response protocols, including shutting down our systems as a protective measure. We also began an investigation with a third-party forensic firm and determined that an unauthorized third-party gained access to our network on September 10, 2024, and took certain files from our network.

It sounds like BianLian may have been able to infiltrate BCHP’s systems via its IT vendor. BCHP hasn’t confirmed BianLian’s claims and whether or not a ransom was demanded and/or paid. We have contacted them for more information and will update this article if they respond.

In the meantime, we recommend those affected take up BCHP’s offer of a complimentary one-year membership to Experian’s identity theft and credit monitoring program.

Who is BianLian?

First appearing in late 2021, BianLian has been confirmed as the group behind 60 ransomware attacks, according to our data. These attacks have affected nearly 2 million records in total with some of the biggest breaches being on the US healthcare sector.

Other US healthcare companies affected by BianLian include Murfreesboro Medical Clinic (hit in April 2023, affecting 559,000 records), Affiliated Dermatologists & Dermatologic Surgeons P.A. (hit in March 2024, affecting 373,379 records), and Texas Retina Associates (hit in April 2024, affecting 312,867 records).

BianLian used to extort victims twice, demanding one ransom in exchange for a decryption key to restore systems, and a second ransom for not selling or publicly releasing stolen data. However, the FBI has stated that, like many other ransomware groups, BianLian has stopped encrypting systems and now solely extorts victims for stolen data.

We have also tracked 105 unconfirmed attacks via BianLian this year so far.

Ransomware attacks on the US healthcare sector

So far this year, we’ve tracked 71 confirmed attacks on US healthcare companies. These attacks have affected nearly 7.3 million records. These figures are a significant decline on those noted in 2023 (140 attacks affecting nearly 23.8 million records).

The average ransom across these two years has been $1.05 million.

Other recently confirmed attacks on US healthcare companies include South Texas Oncology and Hematology, PLLC (affecting 175,195 records), Omni Family Health, and Axis Health System (hit with a $1.5M ransom from Rhysida). California’s Tri-City Medical Center recently increased its data breach figure to over 108,000 following an attack in July 2024.

We have also noted 130 unconfirmed attacks on US healthcare companies this year so far.

About Boston Children’s Health Physicians (BCHP)

The BCHP network covers New York and Connecticut, specializing in comprehensive care for newborns, children, and adolescents. It also includes Boston Children’s Hospital in Massachusetts, which is the primary teaching hospital of Harvard Medical School.