Mohawk Valley Cardiology PC Hit by BianLian Ransomware, 80GB Data Compromised

Incident Date: August 18, 2024

Overview

Title: Mohawk Valley Cardiology PC Hit by BianLian Ransomware, 80GB Data Compromised

Victim: Mohawk Valley Cardiology PC

Attacker: BianLian

Location: Utica, USA; New York, USA

First Reported: August 18, 2024

BianLian Ransomware Group Targets Mohawk Valley Cardiology PC

Mohawk Valley Cardiology PC, a specialized medical practice located in Utica, New York, has fallen victim to a ransomware attack orchestrated by the BianLian group. The attack, which was discovered on August 19, has resulted in the compromise of 80GB of sensitive data, including accounting records, medical and personal information, pharmaceutical data, insurance details, network users' personal folders, files from the president's PC, and fileserver data.

About Mohawk Valley Cardiology PC

Mohawk Valley Cardiology PC is a reputable cardiac care provider serving the greater Mohawk Valley area. The practice offers a comprehensive range of services aimed at diagnosing and treating various cardiovascular conditions. Their specialties include interventional cardiology, diagnostic tests such as EKGs and echocardiograms, and ongoing patient monitoring through Holter and event monitoring. The clinic is known for its patient-centered approach, ensuring tailored treatment plans for individual health needs. The practice also facilitates patient engagement through an online portal, enhancing the overall patient experience.

Vulnerabilities and Impact

The clinic, which generates over $5 million in revenue, is now facing significant data security challenges. The extensive array of services and the integration of technology for patient engagement make Mohawk Valley Cardiology PC a prime target for ransomware attacks. The stolen data includes highly sensitive information, posing severe financial, business, and legal consequences for the clinic. The BianLian group has threatened to upload the stolen data and is open to negotiations for its protection.

About the BianLian Ransomware Group

BianLian is a sophisticated ransomware group known for its evolution from targeting individual users to launching high-profile attacks on businesses and healthcare facilities globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group has gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.

Penetration and Distinguishing Tactics

BianLian's tactics have evolved to include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift from a double extortion model to primarily exfiltration-based extortion underscores their sophisticated approach. The attack on Mohawk Valley Cardiology PC highlights the urgent need for enhanced cybersecurity measures to combat the growing threat posed by ransomware groups like BianLian.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.