Alegria Family Services (AFS) provides residential and community services to adults with developmental disabilities in New Mexico under a contract with the New Mexico Department of Health.
They are not a large organization with vast resources, yet BianLian decided they would target them with a ransomware attack. Maybe they saw a ZoomInfo listing showing $7 million in revenue and didn’t understand that funds from the state and federal government under Medicaid or other programs are not revenue the agency can reallocate. Providing community inclusion programs for severely disabled adults is not something people go into to make a profit or buy a Lambo. I wish ransomware groups learned to lay off these entities trying to make a real difference in people’s lives.
In a listing on their leak site, BianLian claimed they had acquired internal records, personnel-related files, and client data. They did not list how much data they exfiltrated in total.
DataBreaches spoke with someone from AFS today. AFS was not sure they knew how BianLian had managed to gain access, but they knew that BianLian managed to evade AV protections by breaking files into small units. They also know that BianLian succeeded in locking AFS’s current files and even their cloud-based backup. And they say they know that they cannot pay BianLian’s ransom demand.
AFS was in the middle of running a backup when the ransomware was triggered, which was how the cloud backup was locked. They tell DataBreaches that they have a usable Windows backup created three days before the attack, but all archived files and records going back six years are in the locked cloud backup.
Despite the challenges, AFS made a somewhat extraordinary decision to personally call every single client to explain what happened to them. Given their clients’ cognitive challenges, they felt that a letter would not be appropriate, and they want to ensure that their clients and caretakers understand what happened.
Given their current caseload, they have about 100 phone calls to make to explain and ensure their clients understand.
And then, when that’s done, they’ll start trying to call every client they’ve had for the past six years. Locating those clients’ phone numbers to call them may not always be possible, and they may have to send letters or post a substitute notice, but they intend to try.
As of publication time, BianLian has not leaked data from AFS or a second entity in the healthcare space that it also claims to have attacked.