Skip to content

BianLian Threat Group Claims Responsibility for Cyberattack on Boston Children’s Health Physicians

October 21, 2024 – Published on The HIPAA Journal

Boston Children’s Health Physicians (BCHP), a Valhalla, NY-based multi-specialty pediatric group serving newborns and children in New York and Connecticut, has confirmed that its IT vendor fell victim to a cyberattack. 

The IT vendor notified BCHP on September 6, 2024, that unusual activity had been identified in the IT vendor’s systems. On September 10, 2024, BCHP identified unauthorized activity within its own network and immediately implemented its incident response protocols, which included shutting down systems as a protective measure. Assisted by a third-party digital forensics firm, BCHP learned that on September 10, 2024, an unauthorized third party gained access to certain parts of its network and exfiltrated files that included information related to current and former employees, patients, and guarantors.

BCHP did not disclose further details of the attack such as the threat actor involved; however, the BianLian threat group has claimed responsibility for the attack and has added BCHP to its dark web data leak site.

BianLian is a threat group that has been active since at least June 2022 that actively targets critical infrastructure entities, including healthcare providers. The group is known to use double extortion tactics, where sensitive data is exfiltrated and files are encrypted, although the group has largely switched to extortion-only attacks, skipping file encryption. Payment of the ransom is required to prevent the stolen data from being listed on its data leak site.

According to GuidePoint Security, BianLian is one of the top three threat groups targeting the healthcare sector this year. 

Read More HERE.