BianLian Ransomware Group Attacks Longview Oral Surgery, Exposes 1.8TB Data

Incident Date: Jun 21, 2024

Attack Overview

VICTIM: Longview Oral & Maxillofacial Surgery
INDUSTRY: Hospitals & Physicians Clinics
LOCATION: USA
ATTACKER: BianLian
FIRST REPORTED: June 21, 2024

Ransomware Attack on Longview Oral & Maxillofacial Surgery by BianLian Group

Company Profile: Longview Oral & Maxillofacial Surgery

Longview Oral & Maxillofacial Surgery, PLLC, a specialized medical practice based in Longview, Texas, focuses on a range of procedures from dental implants to facial trauma surgery. With a team of highly skilled oral surgeons, the practice is known for its advanced technological integration and comprehensive care, making it a prominent healthcare provider in the region. Despite its strong reputation, the company's size and the sensitive nature of the data it handles make it a potential target for cyberattacks.

Details of the Ransomware Attack

The BianLian ransomware group has claimed responsibility for a significant breach at Longview Oral & Maxillofacial Surgery, resulting in the compromise of 1.8 TB of sensitive data. This data includes financial details, HR information, patient records, and biometric data, which were disclosed on BianLian's dark web leak site. The attack not only threatens the privacy of patients and employees but also poses severe reputational risks to the practice.

Profile of the Ransomware Group: BianLian

BianLian, originally a banking trojan, has evolved into a formidable ransomware group known for its sophisticated attacks on various sectors, particularly healthcare. The group utilizes advanced tactics such as exploiting Remote Desktop Protocol (RDP) vulnerabilities and custom backdoors for initial access, followed by extensive data exfiltration. BianLian's shift to focusing on data theft rather than just encryption highlights its strategic evolution to maximize impact and profit.

Potential Entry Points and Security Implications

The BianLian attack on Longview Oral & Maxillofacial Surgery may have begun with compromised RDP credentials, a common entry point for this group. The large volume of exfiltrated data suggests that the practice may not have had sufficient endpoint detection and response systems in place, underscoring the need for robust cybersecurity measures in the healthcare sector.
