Boston Children’s Health Physicians, a pediatric group practicing in New York and Connecticut, recently faced a cyber incident involving a ransomware gang known as BianLian. The gang threatened to release stolen patient and employee data, claiming the incident occurred in September and involved an unnamed IT vendor.
The practice took action upon being notified by the vendor of unusual activity in its systems on September 6. Subsequently, on September 10, unauthorized activity was detected on limited parts of the BCHP network. In response, BCHP initiated its incident response protocols, including shutting down systems as a protective measure. The investigation revealed that an unauthorized third party gained access to the network on September 10 and extracted certain files.
BianLian listed Boston Children’s Health Physicians on its dark web site, asserting that they have various data from the practice, including financial data, HR data, mailboxes, email correspondences, and protected health information. BCHP confirmed that the compromised files contained information on current and former employees, patients, and guarantors, including sensitive data like Social Security numbers, addresses, dates of birth, and medical record numbers. However, the electronic medical record systems were unaffected as they operate on a separate network.
In response to the incident, BCHP engaged cybersecurity experts, notified law enforcement, and implemented additional security measures to safeguard their systems. The practice emphasized its commitment to protecting networks and ensuring the security of affected individuals. BCHP acknowledged that the impact of the incident extended to several customers of the IT vendor involved.
Despite the severity of the breach, Boston Children’s Health Physicians has not yet disclosed the number of individuals affected or the identity of the IT vendor implicated. The pediatric group operates over 60 offices in the New York metropolitan area, the Hudson Valley, and Connecticut, as part of the Boston Children’s Hospital care network.
The incident involving BCHP has not been reported on the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool website, which tracks health data breaches affecting a significant number of individuals. Legal experts emphasize the growing threat posed by criminal ransomware attacks targeting healthcare organizations, highlighting the need for robust cybersecurity measures to mitigate risks.
As ransomware attacks continue to evolve in sophistication and frequency, healthcare entities face a pressing challenge to secure protected health information and maintain HIPAA compliance. The rise of ransomware-as-a-service groups like BianLian underscores the urgency for organizations to enhance their cybersecurity defenses and fortify their resilience against cyber threats.
The impact of ransomware attacks on healthcare providers goes beyond financial losses, posing a direct threat to patient care and safety. By targeting institutions dedicated to delivering critical healthcare services, cybercriminals jeopardize the well-being of vulnerable patients and disrupt essential medical operations.
Overall, the cybersecurity incident involving Boston Children’s Health Physicians serves as a stark reminder of the persistent threat posed by ransomware to the healthcare industry. With cyberattacks on the rise and the potential for significant harm to individuals and organizations, the imperative for proactive cybersecurity measures and regulatory compliance in safeguarding sensitive data has never been more vital.
Albanian 
English 
Serbian 
Croatian 