Ransomware Attack on Augusta-Aiken Orthopedic: 2.5TB Data Breach
Ransomware Attack on Augusta-Aiken Orthopedic Specialists by BianLian
Overview of Augusta-Aiken Orthopedic Specialists
Augusta-Aiken Orthopedic Specialists is a comprehensive orthopedic medical practice serving the Augusta, Georgia, and Aiken, South Carolina areas. Formed through the merger of Augusta Orthopedic & Sports Medicine Specialists and the Carolina Musculoskeletal Institute, the practice has been providing high-quality orthopedic care for over 40 years. They offer a wide range of services, including joint replacement surgery, spine surgery, sports medicine, hand and wrist surgery, and fracture and trauma care. The practice operates from multiple locations, including a main office in Aiken and a surgery center in Augusta.
Details of the Ransomware Attack
On July 29, 2024, Augusta-Aiken Orthopedic Specialists fell victim to a ransomware attack orchestrated by the BianLian group. The attack resulted in a significant data breach, compromising approximately 2.5 terabytes of sensitive information. The leaked data includes personal information, accounting and financial records, patient medical and personal data, as well as email and message archives. The practice, which generates an annual revenue of $10 million, now faces the challenge of addressing the fallout from this cyberattack and safeguarding the privacy and security of their patients and staff.
About the BianLian Ransomware Group
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group has gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, used PowerShell and Windows Command Shell for defense evasion, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.
Vulnerabilities and Penetration Tactics
Augusta-Aiken Orthopedic Specialists, like many healthcare organizations, is a prime target for ransomware groups due to the sensitive nature of the data it handles. The BianLian group likely penetrated the company's systems through compromised RDP credentials, a common weakness in many organizations. Once inside, they used advanced tactics to implant custom backdoors, evade defenses, and exfiltrate sensitive data. The healthcare sector's reliance on digital records and the critical nature of its services make it particularly vulnerable to such attacks.