The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid.
BHCP is a network of over 300 pediatric physicians and specialists operating over 60 locations across New York's Hudson Valley and Connecticut, offering patient care in clinics, community hospitals, and health centers affiliated with Boston Children's Hospital.
According to the
announcement BHCP published on its website, a cyberattack compromised its IT vendor on September 6 and a few days later BHCP detected unauthorized activity on its network.
"On September 6, 2024, our IT vendor informed us that it identified unusual activity in its systems. On September 10, 2024, we detected unauthorized activity on limited parts of the BCHP network and immediately initiated our incident response protocols, including shutting down our systems as a protective measure." - BHCP
The investigation that followed, conducted with the help of a third-party forensic expert, confirmed that the threat actors had gained unauthorized access to BHCP systems and also exfiltrated files.
The exposure impacts current and former employees, patients, and guarantors. The exposed data includes the following, depending on the information customers provided to BHCP:
- Full names
- Social Security numbers
- Addresses
- Dates of birth
- Driver's license numbers
- Medical record numbers
- Health insurance information
- Billing information
- Treatment information (limited)
