BianLian Ransomware Gang Claims Attack on Boston Children’s Health Physicians, Compromising Thousands of Patient Records

MedusaLocker ransomware - BabyLockerKZ

Boston Children’s Health Physicians (BCHP), an organization comprising over 300 physicians across 60 regional offices in New York and Connecticut, has confirmed a significant data breach that compromised sensitive information from thousands of underage patients. The breach, first detected in early September, exposed critical data, including medical record numbers, Social Security numbers, physical addresses, insurance details, and treatment records.

The incident came to light on September 6, when suspicious activity was detected within BCHP’s systems. By September 10, the organization’s management took decisive action, disabling systems to prevent further intrusion. A thorough investigation later revealed that the attackers had successfully exfiltrated patient data from BCHP’s servers.

On October 4, BCHP began notifying affected individuals, while also establishing a dedicated call center to assist those impacted by the breach. Despite these efforts, the organization has yet to submit formal reports to state and federal regulators and has not confirmed whether the attack involved any form of extortion.

Responsibility for the attack has been claimed by the notorious ransomware group, BianLian. Known for their repeated targeting of U.S. critical infrastructure since June 2022, BianLian has garnered the attention of the FBI, CISA, and the Australian Cyber Security Centre for their aggressive campaigns. Healthcare facilities have been a particular focus for the group, with a Comparitech expert revealing, that BianLian orchestrated at least 60 attacks in 2024, affecting approximately two million records.

The damage to the healthcare sector continues to escalate, with cyberattacks inflicting severe disruption on medical institutions. In a related report, Microsoft disclosed that 389 healthcare facilities in the U.S. were impacted by cyberattacks in the last fiscal year. Comparitech highlighted the scale of the threat, noting that, across 71 attacks targeting U.S. healthcare institutions in 2024, a staggering 7.3 million records were compromised.

Related Posts: