Incident

When criminals want to get more credit: Two ransomware groups claim responsibility for attack on Albany ENT & Allergy Services


Albany ENT & Allergy Services (AENT), based in Albany, New York, has reported a data breach. The data breach affects 224,486 employees and patients.

The notification lacks details, even though two separate ransomware groups, BianLian and RansomHouse, have each claimed responsibility for the attack on the medical facility. The notification issued by AENT makes no mention of these claims or any related information.

According to AENT's notification, they became aware of suspicious activity on their computer network around March 27, 2023. In response, they promptly initiated an investigation with the help of third-party computer forensic specialists to determine the nature and extent of the incident. AENT's investigation revealed that between March 23, 2023, and April 4, 2023, an unauthorized party may have accessed specific systems containing personal and protected health information. A thorough review of these systems and files conducted on or about May 2, 2023, identified the presence of certain employee and patient information. Although AENT has no evidence of identity theft or fraud associated with the incident, they decided to notify individuals whose information was present in their systems during that period. Additionally, AENT offered these individuals 12 months of credit monitoring services.

The attackers' chronology differs. On April 23, one of the ransomware groups, BianLian, listed a disguised version of AENT's name on their leak site but provided no proof of their claims. Reporters managed to identify AENT as the victim by matching the description on BianLian's site with available information from zoominfo.com. BianLian claimed to have downloaded 630 GB of files. However, as of May 11, the linked files on BianLian's site are unavailable.

On April 28, another ransomware group, RansomHouse, listed AENT on their leak site. They claimed to have encrypted AENT's systems on March 27, which better aligns with the date mentioned in AENT's notification regarding their awareness of suspicious activity. RansomHouse also provided proof of their claims and stated that they had downloaded 2 TB of data. On or around May 9, they seemed to have leaked AENT's data.

AENT's notification does not acknowledge any ransomware attack, file encryption, ransom demands, or the dumping of patient or employee data on the dark web.

AENT hasn't provided any clarity on whether the reported breach included ransom demands, whether patient care and practice operations are affected, or whether patients have been informed of data leaks on the dark web.
