DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston Children’s Health Physicians notifies employees and patients of September cyberattack

Posted on October 16, 2024October 16, 2024 by Dissent

While it’s never good news that another medical entity has fallen prey to a cyberattack, in this day and age, it is somewhat impressive when an entity responds promptly.

On October 4, Boston Children’s Health Physicians (BCHP), a medical practice in New York and Connecticut, mailed letters to affected current and former employee, patient, and guarantors. In a substitute notice on their website, they explained that their IT vendor notified them on September 6 that it had identified unusual activity in its systems.

On September 10, 2024, we detected unauthorized activity on limited parts of the BCHP network and immediately initiated our incident response protocols, including shutting down our systems as a protective measure. We also began an investigation with a third-party forensic firm and determined that an unauthorized third-party gained access to our network on September 10, 2024, and took certain files from our network.

The files acquired varied by individual and may have included names, Social Security numbers, addresses, dates of birth, driver’s license numbers, medical record numbers, health insurance information, billing information, and/or limited treatment information.

The EMR system was not involved in this incident.

BCHP’s substitute notice does not indicate the total number of people affected, nor the date range of any patient data.

Additional information about mitigation services be offered can be found on Boston Children’s Health Physicians site and in the letter sent out to those affected.

BianLian Claims Responsibility

Yesterday, BianLian added BCHP to its leak site. They did not provide any proof of claims or estimate of the amount of files acquired, but they claim that they obtained:

  • Finance data
  • HR data
  • Mailboxes & internal and external email correspondence
  • Databases exports
  • PII and PHI records
  • Health insurance records
  • Children’s and minors’ data

Their claims are generally consistent with what BCHP described for the types of PII and PHI involved.

BianLian does have a history of following through and leaking all data if their victims do not pay their demands, so those potentially affected may want to assume the worst and make sure they take steps to protect themselves, such as putting a security freeze on their credit report if their identity information was acquired, and checking any insurance explanation of benefits statements going forward to make sure their insurance information hasn’t been misused by others.

Category: Breach IncidentsHackHealth Data

Post navigation

← Cisco investigates breach after stolen data for sale on hacking forum
Virginia Contractor Settles False Claims Act Liability for Failing to Secure Medicare Beneficiary Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.