Ransomware Attack on Augusta-Aiken Orthopedic: 2.5TB Data Breach
Incident Date: July 26, 2024
Overview
Title: Ransomware Attack on Augusta-Aiken Orthopedic: 2.5TB Data Breach
Victim: Augusta-Aiken Orthopedic Specialists
Attacker: BianLian
Location:
First Reported: July 26, 2024
Ransomware Attack on Augusta-Aiken Orthopedic Specialists by BianLian
Overview of Augusta-Aiken Orthopedic Specialists
Augusta-Aiken Orthopedic Specialists is a comprehensive orthopedic medical practice serving the Augusta, Georgia, and Aiken, South Carolina areas. Formed through the merger of Augusta Orthopedic & Sports Medicine Specialists and the Carolina Musculoskeletal Institute, the practice has been providing high-quality orthopedic care for over 40 years. They offer a wide range of services, including joint replacement surgery, spine surgery, sports medicine, hand and wrist surgery, and fracture and trauma care. The practice operates from multiple locations, including a main office in Aiken and a surgery center in Augusta.
Details of the Ransomware Attack
On July 29, 2024, Augusta-Aiken Orthopedic Specialists fell victim to a ransomware attack orchestrated by the BianLian group. The attack resulted in a significant data breach, compromising approximately 2.5 terabytes of sensitive information. The leaked data includes personal information, accounting and financial records, patient medical and personal data, as well as email and message archives. The practice, which generates an annual revenue of $10 million, now faces the challenge of addressing the fallout from this cyberattack and safeguarding the privacy and security of their patients and staff.
About the BianLian Ransomware Group
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, used PowerShell and Windows Command Shell for defense evasion, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.
Vulnerabilities and Penetration Tactics
Augusta-Aiken Orthopedic Specialists, like many healthcare organizations, is a prime target for ransomware groups due to the sensitive nature of the data it handles. The BianLian group likely penetrated the company's systems through compromised RDP credentials, a common weakness in many organizations. Once inside, they used advanced tactics to implant custom backdoors, evade defenses, and exfiltrate sensitive data. The healthcare sector's reliance on digital records and the critical nature of its services make it particularly vulnerable to such attacks.