BianLian Ransomware Group Hits US Dermatology Partners, Exfiltrates 300GB Data

Incident Date: Jun 25, 2024

Attack Overview
Victim: US Dermatology Partners
Industry: Hospitals & Physicians Clinics
Location: USA
Attacker: BianLian
First Reported: June 25, 2024

BianLian Ransomware Group Targets US Dermatology Partners

Overview of US Dermatology Partners

US Dermatology Partners is one of the largest dermatology practices in the United States, offering comprehensive medical, surgical, and cosmetic dermatological care. The practice operates over 100 locations across eight states and serves more than two million patients annually. Their services range from treating common skin conditions like acne and eczema to managing complex issues such as skin cancer. The practice is particularly known for its expertise in Mohs micrographic surgery, a precise method for treating skin cancer.

US Dermatology Partners is expanding its reach by opening 30 new locations in the next three years, aiming to address healthcare inequities and improve early detection of skin conditions. The company is physician-owned and includes recognized national leaders in dermatology subspecialties.

Details of the Ransomware Attack

Recently, US Dermatology Partners fell victim to a ransomware attack orchestrated by the BianLian group. The attackers claimed to have exfiltrated 300 GB of sensitive data, including personal information, financial details, accounting data, budget information, employee profiles, contracts, and non-disclosure agreements. This attack has raised significant concerns about the security of patient data and the potential financial and reputational impact on the organization.

Profile of the BianLian Ransomware Group

BianLian is a sophisticated ransomware group known for its high-profile attacks on various sectors, including healthcare, financial institutions, and governmental organizations. Initially functioning as a banking trojan, BianLian has evolved into a formidable ransomware operation. The group employs advanced tactics such as compromised Remote Desktop Protocol (RDP) credentials, custom backdoors, and tools for lateral movement and data exfiltration.

BianLian has shifted from a double extortion model to primarily exfiltration-based extortion, threatening victims with severe consequences if ransom demands are not met. The group's global reach and focus on sectors with sensitive data make it a significant threat in the cybersecurity landscape.

Potential Vulnerabilities and Penetration Methods

US Dermatology Partners, like many healthcare organizations, is a prime target for ransomware groups due to the sensitive nature of the data they handle. The BianLian group likely penetrated the company's systems through compromised RDP credentials, a common entry point for ransomware attacks. Once inside, the attackers used custom backdoors and various tools to navigate the network, exfiltrate data, and deploy ransomware.
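The chain described above (credentialed RDP entry, then movement and bulk exfiltration) leaves two signals a defender can look for: RDP logons from outside the organization's own address space, especially after a run of failures, and unusually large outbound transfers to external hosts. The script below is an added example, not Halcyon's code or anything from the incident; the Windows Security events, the internal address ranges, the firewall flow records and the thresholds are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

GB = 1024 ** 3

# Address ranges the (hypothetical) organization treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed Windows Security events. 4624 = successful logon, 4625 = failed
# logon; logon type 10 (RemoteInteractive) is an RDP session.
RDP_EVENTS = [
    {"ts": "2024-06-20T02:11:03", "event_id": 4625, "logon_type": 10,
     "user": "jdoe", "src_ip": "203.0.113.45", "host": "RDPGW01"},
    {"ts": "2024-06-20T02:11:09", "event_id": 4625, "logon_type": 10,
     "user": "jdoe", "src_ip": "203.0.113.45", "host": "RDPGW01"},
    {"ts": "2024-06-20T02:11:15", "event_id": 4625, "logon_type": 10,
     "user": "jdoe", "src_ip": "203.0.113.45", "host": "RDPGW01"},
    {"ts": "2024-06-20T02:11:21", "event_id": 4624, "logon_type": 10,
     "user": "jdoe", "src_ip": "203.0.113.45", "host": "RDPGW01"},
    {"ts": "2024-06-20T09:02:44", "event_id": 4624, "logon_type": 10,
     "user": "asmith", "src_ip": "10.20.5.17", "host": "RDPGW01"},
    {"ts": "2024-06-20T09:05:10", "event_id": 4624, "logon_type": 3,
     "user": "svc_backup", "src_ip": "10.20.5.30", "host": "FS01"},
]

# Constructed per-flow egress summaries (bytes sent from a host to a peer IP).
EGRESS_FLOWS = [
    {"src_host": "FS01", "dst_ip": "198.51.100.7", "bytes_out": 40 * GB},
    {"src_host": "FS01", "dst_ip": "198.51.100.7", "bytes_out": 30 * GB},
    {"src_host": "WS22", "dst_ip": "10.20.5.30", "bytes_out": 200 * GB},  # internal
    {"src_host": "WS07", "dst_ip": "203.0.113.80", "bytes_out": 2 * GB},
]


def is_external(ip: str) -> bool:
    """True when ip falls outside every range in INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect_rdp_anomalies(events, fail_threshold=3):
    """Flag RDP logons from external addresses and successes that follow a
    run of failures for the same user/source pair (password guessing)."""
    alerts = []
    failures = defaultdict(int)  # (user, src_ip) -> consecutive 4625 count
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != 10:      # only RDP sessions matter here
            continue
        key = (ev["user"], ev["src_ip"])
        if ev["event_id"] == 4625:
            failures[key] += 1
        elif ev["event_id"] == 4624:
            base = {"user": ev["user"], "src_ip": ev["src_ip"],
                    "host": ev["host"], "ts": ev["ts"]}
            if is_external(ev["src_ip"]):
                alerts.append({"rule": "external_rdp_logon", **base})
            if failures[key] >= fail_threshold:
                alerts.append({"rule": "rdp_bruteforce_then_success",
                               "failures": failures[key], **base})
            failures[key] = 0           # a success resets the streak
    return alerts


def detect_bulk_egress(flows, threshold_bytes=50 * GB):
    """Sum bytes per (host, external destination) and return pairs that
    exceed the threshold, as (src_host, dst_ip, total_bytes) tuples."""
    totals = defaultdict(int)
    for f in flows:
        if is_external(f["dst_ip"]):
            totals[(f["src_host"], f["dst_ip"])] += f["bytes_out"]
    return sorted((src, dst, total) for (src, dst), total in totals.items()
                  if total >= threshold_bytes)


if __name__ == "__main__":
    for alert in detect_rdp_anomalies(RDP_EVENTS):
        print("RDP alert:", alert)
    for src, dst, total in detect_bulk_egress(EGRESS_FLOWS):
        print(f"Egress alert: {src} -> {dst}: {total // GB} GB")
```

The thresholds are deliberately simple; in practice the failure count and byte volume would be tuned per environment, and the egress rule would be run over a sliding window so that a slow transfer spread over days is still caught.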

The healthcare sector's reliance on interconnected systems and its need for rapid access to patient data can create weaknesses that threat actors exploit. Robust cybersecurity measures and regular system audits are crucial for mitigating such risks.
