Ransomware Attack on Center for Digestive Health by BianLian

Incident Date: May 18, 2024

Overview

Title: Ransomware Attack on Center for Digestive Health by BianLian
Victim: Center for Digestive Health
Attacker: BianLian
Location: Orlando, USA; Florida, USA
First Reported: May 18, 2024

The Center for Digestive Health: An Overview

The Center for Digestive Health, a reputable healthcare organization based in Orlando, Florida, specializing in digestive system disorders, recently faced a severe setback in the form of a ransomware attack orchestrated by the notorious group, BianLian. With a rich history spanning over 40 years, the center has established itself as a leader in the field, offering top-notch care through a team of seasoned gastroenterologists and a comprehensive range of clinical services, including anesthesiology, pathology laboratory, and endoscopy.

Targeted by Cybercriminals

As a company with a workforce of 92 employees and an estimated annual revenue of $6.3 million, the Center for Digestive Health operates within the medical offices sector, serving the Orlando community and beyond. Despite its robust presence and dedication to quality healthcare, the organization became a prime target for cybercriminals, falling victim to BianLian's sophisticated attack tactics.

Data Breach and Extortion

The ramifications of this cyberattack were severe: BianLian managed to breach the organization's website and pilfer a staggering 2.2 terabytes of sensitive data. The compromised information included critical medical records, financial data, contract details, operational documents, and email archives, posing a significant threat to the privacy and security of both patients and the organization itself.

BianLian's Modus Operandi

BianLian, known for its advanced techniques and global targeting of businesses, governmental bodies, and healthcare facilities, operates with a primary goal of extorting hefty ransoms from its victims. Employing tactics such as exfiltration-based extortion, the group instills fear by threatening severe financial and legal repercussions if their demands are not met promptly.

Attack Analysis and Cybersecurity Imperatives

The attack's modus operandi suggests that BianLian likely gained unauthorized access to the Center for Digestive Health's systems through compromised Remote Desktop Protocol (RDP) credentials. Subsequently, the group deployed custom backdoors, leveraged PowerShell and Windows Command Shell for evasion purposes, and utilized various tools to execute data exfiltration and maximize impact.

As the organization grapples with the aftermath of this devastating cyber incident, the attack underscores the pressing need for heightened cybersecurity measures within the healthcare industry. This account draws on information from the Center for Digestive Health's website and insights from cybersecurity experts at Quorum Cyber, and the incident serves as a stark reminder of the ever-evolving threats facing organizations worldwide.
