Boston Children's Health Physicians was claimed to be compromised by the BianLian ransomware operation in an attack against its third-party IT vendor last month — which the health provider said resulted in the exfiltration of individuals' names, birthdates, addresses, Social Security numbers, health insurance details, medical record numbers, driver's licenses, billing details, and limited treatment data, but not its electronic medical record systems — according to BleepingComputer.
In a post on its extortion portal earlier this week, BianLian alleged the theft of BCHP's emails, finance and HR data, personally identifiable information and health records, database dumps, health insurance records, and child-related data although the lack of any data leak and ransom payment deadline suggests possible negotiations with the health provider. Such a development comes months after Chicago-based Lurie Children's Hospital was demanded by the Rhysida ransomware group to shell out $3.6 million in exchange for the 600 GB of data exfiltrated from its systems.