The BianLian ransomware group has added Northeast Spine and Sports Medicine to its list of victims. However, the hacking group has not disclosed any additional details regarding the cyberattack on Northeast Spine and Sports Medicine like the motive behind the attack or the extent of the potential data breach.
Northeast Spine and Sports Medicine is a prominent multi-specialty medical group based in New Jersey, specializing in a wide range of healthcare services, including orthopedic surgery, neurosurgery, pain management, sports medicine, chiropractic, physical and occupational therapy, acupuncture, and massage.
Cyberattack on Northeast Spine and Sports Medicine: In Detail
The cyberattack on Northeast Spine and Sports Medicine occurred on January 15, 2024, at 08:47 UTC +3 as per the ThreatMon Advanced Ransomware Monitoring forum.
Intriguingly, upon accessing the medical group’s official website, it was found to be fully functional, raising doubts about the authenticity of the ransomware group’s claims.
To verify the legitimacy of the cyberattack on Northeast Spine and Sports Medicine, The Cyber Express has reached out to Northeast Spine and Sports Medicine officials for clarification and additional information. As of the time of writing this report, no official statement or response has been received from the targeted medical group.
If the ransomware group’s claim of cyberattack on Northeast Spine and Sports Medicine is proven true, the implications could be far-reaching, considering the sensitive nature of healthcare data and the potential compromise of patient information.
Healthcare Sector in the Crosshairs
The healthcare sector has increasingly become a favored target for hackers, with incidents of ransomware attacks on medical institutions becoming alarmingly common.
In notable cases from 2023, Norton Healthcare, a nonprofit healthcare institution based in Kentucky, fell victim to a ransomware attack that exposed the personal information of millions of patients and staff members.
Norton Healthcare reported that during the ransomware assault in May, hackers gained access to the private information of approximately 2.5 million patients, as well as staff and their dependents.
Similarly, McLaren Health Care Corporation, based in Grand Blanc, Michigan, acknowledged falling victim to a ransomware attack in the same year. As a fully integrated healthcare delivery system with a total value of US$6.6 billion, McLaren Health Care Corporation operates more than 13 healthcare centers across the Michigan region.
CISA Steps In
In response to the increasing cybersecurity threats faced by the healthcare sector, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a 25-page mitigation guide specifically tailored for the healthcare and public health (HPH) sector.
The guide aims to address and tackle widespread cyber threats within the industry. It aligns CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) with the 405(d) Health Industry Cybersecurity Practices (HCIP): Managing Threats and Protecting Patients guidance, jointly published by the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC).
A Call for Vigilance
The healthcare industry remains vulnerable to cyber threats, and these recent incidents highlight the urgent need for enhanced cybersecurity measures to safeguard patient data and ensure the uninterrupted delivery of medical services.
As investigations continue into the Northeast Spine and Sports Medicine cyberattack, the broader healthcare community must remain vigilant in the face of evolving cyber threats. The Cyber Express will continue to monitor developments in this situation and provide updates as more information becomes available.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
