Ransomware Attack on Texas Infectious Disease Center by BianLian Group
Ransomware Attack on Texas Centers for Infectious Disease Associates by BianLian Group
Texas Centers for Infectious Disease Associates (TCIDA), a healthcare organization specializing in the diagnosis, treatment, and management of infectious diseases, recently fell victim to a ransomware attack orchestrated by the BianLian group. The cybercriminals claim to have infiltrated the organization's systems, exfiltrating a substantial 300 GB of sensitive data.
About Texas Centers for Infectious Disease Associates
Founded in 1997 by Dr. Daniel Barbaro, TCIDA operates out of Fort Worth, Texas, and is recognized for its comprehensive approach to infectious diseases. The organization provides specialized services, including the distribution of vaccines for COVID-19 and Monkeypox, particularly targeting high-risk patients. TCIDA employs a team of experienced healthcare professionals, including infectious disease specialists, nurses, and support staff, who work collaboratively to provide high-quality care. The center focuses on both outpatient and inpatient services, ensuring continuous care throughout the treatment journey.
Attack Overview
The ransomware attack on TCIDA was claimed by the BianLian group via their dark web leak site. The compromised information reportedly includes accounting records, medical and personal data, personal folders of network users, files from the president's computer, and data from the fileserver. This breach highlights the vulnerabilities in TCIDA's cybersecurity measures, making them a target for sophisticated ransomware groups.
About the BianLian Ransomware Group
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, using PowerShell and Windows Command Shell for defense evasion, and employing various tools for discovery, lateral movement, collection, exfiltration, and impact.
Penetration and Impact
BianLian's tactics have evolved to include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift towards exfiltration-based extortion and its global reach underscore the evolving threat landscape posed by ransomware groups. In the case of TCIDA, the attack has exposed critical vulnerabilities in their cybersecurity infrastructure, emphasizing the need for enhanced security measures to protect sensitive healthcare data.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!