Boston Children's Health Physicians told to pay up or face leak by ransomware group

Hospital
Image credit: Pexels (Image credit: Pexels)

Infamous ransomware group BianLian has claimed responsibility for a cyberattack which recently targeted Boston Children's Health Physicians (BCHP).

It’s not yet clear how much the ransom demand is, or the group’s deadline. The BCHP confirmed on September 6 it identified unusual activity and by the 10th, systems had been shut down due to unauthorized access detected within the network.

The compromised information is said to contain patient, employee, and guarantor information, including social security numbers, medical record numbers, health insurance, and billing information, as well as personally identifiable data like full names and dates of birth.

BianLian crosses the line

The threat actor claims to have an unspecified amount of finance and HR data, as well as the health records, insurance details, and email correspondence relating to children treated by the organization.

Healthcare organizations have not been off the cards for cyberattacks and have become one of the most popular targets for ransomware due to the sensitive nature of the data they hold and the high stakes of their operations.

Whilst hospitals are not off the cards, targeting an organization that exclusively deals with children is pretty rare, as most ransomware groups would consider that particularly morally egregious.

In fact, last year infamous group Lockbit issued a formal apology for targeting a children’s hospital in Canada, admitting the attack violated its rules of engagement. After the incident, the group said in a statement that it removed the affiliate and blocked them from the group.

Lockbit gave back the decryptor for free and affirmed that it forbids affiliates from encrypting endpoints whose operations are crucial to save patient’s lives.

Via BleepingComputer

More from TechRadar Pro

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.