Boston Children’s Health Physicians (BCHP), a network of 60 regional offices connected to Boston Children’s Hospital, has been the victim of a cyberattack.
Though the healthcare provider quickly activated its cybersecurity protocols, the attack compromised its patient data.
BrianLian, a hacking group, has already claimed responsibility for the breach and plans to sell the stolen data on the dark web.
Here’s everything you need to know about the Boston Children’s Health data breach.
Details of Boston Children’s Health Data Breach
Boston Children’s Health Physicians, a network of 60 regional offices connected to Boston Children’s Hospital, first detected suspicious activity on its systems on September 6th.
It was facilitated by a security flaw in the systems of an IT vendor. Concerned about the potential security breach, the organisation took immediate action and shut down its systems on September 10th.
A subsequent investigation confirmed that hackers had infiltrated the network and stolen sensitive patient data, including Social Security numbers, addresses, medical records, insurance information, billing details, and treatment histories.
On October 4th, after a month of the incident, the organisation began notifying affected patients via mail and established a dedicated call centre to provide assistance.
Currently, BCHP is also providing complimentary credit monitoring and credit protection services for affected patients. The provider has also implemented additional safeguards to protect and monitor their systems.
The culprits
The BianLian ransomware gang claimed responsibility for the attack after a week of the notification. This notorious group gained notoriety last year after targeting the global nonprofit Save the Children.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have identified BianLian as a significant threat, highlighting its attacks on critical infrastructure sectors in the U.S. since June 2022.
Cyberattacks and healthcare
Cyberattacks on healthcare organisations have become increasingly prevalent in recent times. Recent notable data breaches include the Star Health data breach that compromised the personal information of over 3 crore policyholders and the UMC data breach that caused delay and diversions.
Additionally, Texas Tech Health El Paso has been grappling with a cyberattack that has disrupted IT services for weeks.
In the past year alone, Microsoft reported a staggering 389 US-based healthcare institutions falling victim to ransomware attacks.
Such sensitive health and payment data in the hands of criminals can have significant consequences from identity thefts to insurance frauds and a lot more.
Unfortunately, Boston Children’s Hospital is no stranger to cyber threats. It has faced multiple cyberattacks over the past decade.
A notable incident occurred in June 2021 when Iranian state-sponsored hackers launched a devastating attack, described by FBI Director Christopher Wray as one of the most reprehensible cyberattacks ever witnessed.
Furthermore, a high-profile distributed denial of service attack targeted Boston Children’s Hospital in 2014.
By Rohini Kundu and AHT Team
