Affiliated Dermatology Dermatological Clinic (AD) fell victim to an extortion attack by the Bianlian group, resulting in the exposure of personal data of patients and employees. The incident came to light when the attackers left a ransom note on the clinic’s network.
On April 10, 2024, AD management discovered that hackers had accessed their systems between March 2 and 5, 2024, and copied data from the clinic network. The stolen information included names of patients, dates of birth, addresses, social insurance numbers, medical records, information on patients’ medical insurance, as well as driver’s license and passport numbers of employees.
In a letter to customers, clinic representatives highlighted that the amount of leaked information varied for each victim, and not all categories of data were present in every case. According to data from the General Prosecutor’s Office, the breach affected approximately 373,000 individuals.
Following the discovery of the AD attack, immediate action was taken to shut off access to their network and IB specialists were engaged to restore the system. The clinic also announced that they would provide free credit monitoring and data theft protection to the affected individuals.
The Bianlian group, known for their activities since June 2022, has targeted critical systems worldwide. In July 2024, they stole 300 GB of data from the French CHU hospital, and later in September, they claimed responsibility for breaching the IT systems of a major non-profit organization, believed to be international charity Save the Children International.
In March, IB-company Guidepoint Security identified Bianlian’s use of Jetbrains Teamcity software for their extortion attacks.