Ransomware

Lindsay Municipal Hospital Cyberattack Claimed By BianLian

This incident at Lindsay Municipal Hospital is not an isolated one but rather a part of a larger campaign targeting hospitals across the United States.

by Ashish Khaitan, March 11, 2024, in Firewall Daily, Hacker Claims


The Lindsay Municipal Hospital cyberattack has been claimed by the BianLian ransomware group. This nefarious organization, known for its disruptive tactics, allegedly breached the security measures of the hospital's system, adding another institution to its list of targets within the United States.

Accompanying their claims were brief insights into the Lindsay Municipal Hospital's profile and its history of service to the Lindsay community and its surrounding areas.

The hospital, boasting a 26-bed acute care facility, also housed a Level IV emergency department, a full-service laboratory, and a radiology department offering essential services such as x-rays, ultrasounds, and CT scans.

Alleged Lindsay Municipal Hospital Cyberattack Claims on Dark Web (Source: X)

The Cyber Express has reached out to the hospital to learn more about this Lindsay Municipal Hospital cyberattack. However, at the time of writing, no official statement or response has been recorded, leaving the claims about the Lindsay Municipal Hospital cyberattack unverified.

Interestingly, while the website for Lindsay Municipal Hospital appeared to be operational, showing no immediate signs of the cyberattack, experts speculated that the BianLian ransomware group might have targeted the backend infrastructure rather than launching a front-end assault such as a Distributed Denial of Service (DDoS) attack.

This incident at Lindsay Municipal Hospital is not an isolated one but rather a part of a larger campaign targeting hospitals across the United States. Just weeks prior, on February 21, Change Healthcare, a subsidiary of UnitedHealth Group, fell victim to a similar cybersecurity breach.

Cyberattacks on US Hospitals: A Targeted Campaign

Described by industry experts and officials as one of the most serious cyberattacks in the history of the U.S. healthcare system, the breach at Change Healthcare disrupted critical services, including the transmission of patients' healthcare claims and financial transactions.

Although the outage did not directly impact patient care systems, it exposed a glaring vulnerability in the nation's healthcare infrastructure, causing widespread frustration and financial instability.

Additionally, the impact of a cyberattack on Change Healthcare reverberates across healthcare systems, affecting payment pipelines, insurance authorization, and medical records. With 14 billion annual transactions, the disruption extends beyond pharmacies, impacting hospitals' revenue and patient care verification. 

CommonWell, a medical records-sharing institution relying on Change technology, halted services, affecting 208 million individuals. The suspected perpetrator, the ransomware group known as BlackCat, has a history of ransomware attacks, prompting global law enforcement action.

Who is the BianLian Ransomware Group?

BianLian, a ransomware group, has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. They gain entry with valid RDP credentials, use open-source tools for discovery, and exfiltrate data via FTP or Rclone before extorting victims. The FBI, CISA, and ACSC advise implementing mitigation strategies to prevent ransomware attacks.

Moreover, a detailed analysis by GuidePoint Security's GRIT team sheds light on BianLian's modus operandi. According to the report by Drew Schmitt, BianLian's PowerShell backdoor is linked to TeamCity vulnerabilities, providing insights into their tactics. The analysis covers BianLian's use of a novel PowerShell backdoor, its exploitation of TeamCity flaws, and the methods used for attribution.

Initially employing a double-extortion model, they shifted to exfiltration-based extortion by 2023. FBI and ACSC advise implementing defenses to prevent ransomware attacks. BianLian gains access through compromised RDP credentials and employs various techniques for persistence, lateral movement, and data exfiltration, threatening to publish victim data if ransom demands aren't met. They use tools like PowerShell, Rclone, and FTP for exfiltration, and employ additional tactics like threatening calls and printing ransom notes to pressure victims.
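As an added illustration (not part of the original article or the advisories it cites), the following triage script scans constructed Windows-style logon and process-creation events for the behaviours described above: RDP logons with valid credentials from outside the network, PowerShell launched hidden or with an encoded command, and Rclone or FTP execution. The event format, the internal address ranges and every sample line are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample events (not real telemetry). Format: "<event_id> key=value ...";
# 4624 = account logon, 4688 = process creation (Windows Security log event IDs).
SAMPLE_EVENTS = [
    "4624 user=jdoe logon_type=10 src=203.0.113.45",
    "4624 user=jdoe logon_type=10 src=10.0.0.12",
    "4688 user=jdoe image=C:\\Windows\\System32\\cmd.exe cmdline=cmd /c whoami",
    "4688 user=jdoe image=C:\\tools\\rclone.exe cmdline=rclone copy C:\\share remote:bucket",
    "4688 user=jdoe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    " cmdline=powershell -nop -w hidden -enc AAAA",
    "4688 user=svc image=C:\\Windows\\System32\\ftp.exe cmdline=ftp -s:upload.txt",
]

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces (cmdline)

def parse_event(line):
    """Split '<id> k=v k=v ...' into a dict keyed by field name."""
    event_id, _, rest = line.partition(" ")
    fields = {k: v for k, v in FIELD_RE.findall(rest)}
    fields["event_id"] = event_id
    return fields

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def classify(ev):
    """Return the list of detection tags a single event triggers."""
    tags = []
    if ev["event_id"] == "4624" and ev.get("logon_type") == "10" and not is_internal(ev["src"]):
        tags.append("rdp_logon_from_external")  # valid creds used over RDP from outside
    if ev["event_id"] == "4688":
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        cmd = ev.get("cmdline", "").lower()
        if image == "rclone.exe" or cmd.startswith("rclone "):
            tags.append("rclone_exfil_tool")
        if image == "ftp.exe":
            tags.append("ftp_client_exec")
        if image == "powershell.exe" and ("-enc" in cmd or "-w hidden" in cmd):
            tags.append("powershell_encoded_or_hidden")
    return tags

def triage(lines):
    """Return (line, tags) for every event that triggers at least one tag."""
    tagged = ((line, classify(parse_event(line))) for line in lines)
    return [(line, tags) for line, tags in tagged if tags]
```

A single tag is only a lead; an RDP logon followed shortly by Rclone or FTP execution under the same account is the pattern worth escalating.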

