BianLian Ransomware Group Attacks Longview Oral Surgery, Exposes 1.8TB Data

Incident Date: June 21, 2024

Overview

Victim: Longview Oral & Maxillofacial Surgery

Attacker: BianLian

Location: Longview, USA; Washington, USA

First Reported: June 21, 2024

Ransomware Attack on Longview Oral & Maxillofacial Surgery by BianLian Group

Company Profile: Longview Oral & Maxillofacial Surgery

Longview Oral & Maxillofacial Surgery, PLLC, a specialized medical practice based in Longview, Texas, focuses on a range of procedures from dental implants to facial trauma surgery. With a team of highly skilled oral surgeons, the practice is known for its advanced technological integration and comprehensive care, making it a prominent healthcare provider in the region. Despite its strong reputation, the company's size and the sensitive nature of the data it handles make it a potential target for cyberattacks.

Details of the Ransomware Attack

The BianLian ransomware group has claimed responsibility for a significant breach at Longview Oral & Maxillofacial Surgery, resulting in the compromise of 1.8 TB of sensitive data. This data includes financial details, HR information, patient records, and biometric data, which were disclosed on BianLian's dark web leak site. The attack not only threatens the privacy of patients and employees but also poses severe reputational risks to the practice.

Profile of the Ransomware Group: BianLian

BianLian, originally a banking trojan, has evolved into a formidable ransomware group known for its sophisticated attacks on various sectors, particularly healthcare. The group utilizes advanced tactics such as exploiting Remote Desktop Protocol (RDP) vulnerabilities and custom backdoors for initial access, followed by extensive data exfiltration. BianLian's shift to focusing on data theft rather than just encryption highlights its strategic evolution to maximize impact and profit.

Potential Entry Points and Security Implications

The attack on Longview Oral & Maxillofacial Surgery may have begun with compromised RDP credentials, a common entry point for this group. The large volume of exfiltrated data suggests that the practice may not have had sufficient endpoint detection and response systems in place, underscoring the need for robust cybersecurity measures in the healthcare sector.
