Enterprise networking provider ATSG this week confirmed it notified 909,469 people about a September 2024 data breach that compromised names, Social Security numbers, addresses, dates of birth, and driver’s license numbers. The breach was previously reported in part by Boston Children’s Health Physicians, a client of ATSG.
Ransomware gang BianLian claimed responsibility for the breach, which claimed to steal finance data, human resources data, email correspondence, databases, patients’ personal and health information, health insurance records, and children’s data.
ATSG has not verified BianLian’s claim. We do not yet know whether ATSG paid a ransom, how much BianLian demanded, or how attackers breached ATSG’s network. Comparitech contacted ATSG for comment and will update this article if it responds.
This is the third-largest breach on a healthcare company so far this year, following Acadian Ambulance (attacked by Daixin in June 2024, affecting 2,896,985 records) and Rite Aid (attacked by RansomHub in June 2024, affecting 2.2 million records).
Boston’s Children’s Health Physicians offered victims free credit monitoring, but ATSG hasn’t publicly disclosed whether it will offer the same to other victims.
BCHP told Comparitech in an email, “Regrettably, one of our IT vendors recently experienced a cybersecurity incident, which impacted several of its customers and resulted in unauthorized activity on limited parts of our network.”
Who is BianLian?
First appearing in late 2021, BianLian has claimed 60 confirmed ransomware attacks that compromised 2.9 million records. The group used to extort victims twice, demanding one ransom in exchange for a decryption key to restore systems, and a second ransom for not selling or publicly releasing stolen data. However, the FBI says BianLian, like many other ransomware groups, has stopped encrypting systems and now solely extorts victims for stolen data.
BianLian has claimed several attacks against healthcare-related targets, including Murfreesboro Medical Clinic (hit in April 2023, affecting 559,000 records), Affiliated Dermatologists & Dermatologic Surgeons P.A. (hit in March 2024, affecting 373,379 records), and Texas Retina Associates (hit in April 2024, affecting 312,867 records).
Ransomware attacks on US healthcare
Comparitech researchers logged 72 confirmed ransomware attacks on US healthcare targets claimed in 2024 so far, compromising 11.7 million records. The average ransom demand in 2024 for these attacks is $813,000.
In other healthcare ransomware news this week, Fairfield Memorial Hospital Association started issuing data breach notices following a June 2024 attack by LockBit.
About ATSG
ATSG, Inc is an enterprise network, cloud, and IT security provider based in New York City. It serves large businesses in a range of industries including finance, healthcare, e-commerce, education, insurance, legal, and lending. ATSG employs between 500 and 1,000 people, according to its LinkedIn profile.