Boston Children’s Health Physicians told to pay up or face leak by ransomware group

BianLian has claimed responsibility for the attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Infamousransomwaregroup BianLian has claimed responsibility for a cyberattack which recently targeted Boston Children’s Health Physicians (BCHP).

It’s not yet clear how much the ransom demand is, or the group’s deadline. The BCHP confirmed on September 6 it identified unusual activity and by the 10th, systems had been shut down due to unauthorized access detected within the network.

The compromised information is said to contain patient, employee, and guarantor information, including social security numbers, medical record numbers, health insurance, and billing information, as well aspersonally identifiable datalike full names and dates of birth.

BianLian crosses the line

The threat actor claims to have an unspecified amount of finance and HR data, as well as the health records, insurance details, and email correspondence relating to children treated by the organization.

Healthcare organizations have not been off the cards for cyberattacks and havebecome one of the most popular targets for ransomwaredue to the sensitive nature of the data they hold and the high stakes of their operations.

Whilst hospitals are not off the cards, targeting an organization that exclusively deals with children is pretty rare, as most ransomware groups would consider that particularly morally egregious.

In fact, last year infamous groupLockbit issued a formal apology for targeting a children’s hospitalin Canada, admitting the attack violated its rules of engagement. After the incident, the group said in a statement that it removed the affiliate and blocked them from the group.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Lockbit gave back the decryptor for free and affirmed that it forbids affiliates from encryptingendpointswhose operations are crucial to save patient’s lives.

ViaBleepingComputer

More from TechRadar Pro

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats

Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw