Affiliated Dermatologists struck by ransomware attack, 370K impacted


Affiliated Dermatologists (AD) have suffered a ransomware attack, revealing the personally identifiable information (PII) of patients and employees.

AD learned that a malicious actor had accessed its systems and left a ransom note on its network.

On April 10th, 2024, the dermatologist center determined that between March 2nd and March 5th, 2024, the actor had gained access to the systems and copied data from AD’s network. The data obtained relates to the PII of both employees and patients.

ADVERTISEMENT

The impacted data includes:

  • Names
  • Dates of birth
  • Addresses
  • Social Security numbers
  • Patient medical treatment information
  • Patient health insurance claims information
  • Employee driver’s license numbers
  • Employee passport numbers

“The information involved varies for each individual, and not every category applies in each individual case,” the healthcare provider said.

As reported on the Office of the Maine Attorney's website, the ransomware attack has affected approximately 370,000 people.

After the incident, AD claims to have taken steps to disconnect access to its network and employed cybersecurity specialists to help with restoration to its systems.

AD is offering free credit monitoring and identity theft protection services to anyone affected by the ransomware attack.

Affiliated Dermatologists and Dermatologic Surgeons is a dermatologic care service that works in various areas across the US.

The ransomware group BianLian claimed the attack on Affiliated Dermatologist in April of 2024.

ADVERTISEMENT

BianLian has targeted organizations in multiple US critical infrastructure sectors since June 2022.

The gang has also targeted critical sectors in Australia, according to the US Cybersecurity & Infrastructure Security Agency (CISA).

The threat actors of unknown origin typically gain access to victims through the use of valid Remote Desktop Protocol (RDP) credentials, according to a ransomware advisory alert about the gang released by CISA this past spring.

The phrase Bian Lian, or “face-changing” in Chinese, is an ancient performance art known as Chinese Sichuan opera, which uses colorful costumes and masks. It’s rarely seen outside the mainland due to protected secrecy law.

According to Ransomlooker, a Cybernews ransomware monitoring tool, BianLian has targeted 196 organizations in the last 12 months.