
Ransomware group BianLian yesterday claimed an attack on Optometric Physicians of Middle Tennessee (OPMT), a chain of eyecare clinics. OPMT in March 2024 posted a notification on its website confirming a cyber attack.

BianLian says it stole 1.5 terabytes of finance data, human resources data, patients’ personally identifiable info and personal health info, biometric data, contracts, confidential agreements, and SQL databases.

OPMT has not confirmed BianLian’s claim. The notice on OPMT’s website states:

“On March 25, 2024, we learned that, despite the firewalls, virus protection, and other safeguards put in place by our data security staff, cyber criminals gained unauthorized access to a server on the Optometric Physicians of Middle Tennessee computer network, and were able to steal certain files containing patient identifying information. A very limited amount of healthcare information was exposed, but other identifying information may have been accessed.”

The notice goes on to mention a link to more information, but the link appears to be missing as of the time of writing.

OPMT told Comparitech in an email, “OPMT has proudly served our patient community for decades and our priority continues to be our patients’ wellbeing. To that end, in addition to taking additional precautions out of abundance of caution, we are offering our patients identity protection. Due to the nature of the ongoing investigation, we are not able to comment at this time.”

Who is BianLian?

First appearing in late 2021, BianLian has been confirmed as the group behind 36 ransomware attacks, according to our data. Its targets span the government, healthcare, and education sectors, including Save the Children, Air Canada, and Australia’s critical infrastructure.

BianLian used to extort victims twice, demanding one ransom in exchange for a decryption key to restore systems, and a second ransom for not selling or publicly releasing stolen data. However, the FBI has stated that, like many other ransomware groups, BianLian has stopped encrypting systems and now solely extorts victims for stolen data.

BianLian’s most frequent attack vectors are unsecured RDP connections and other software vulnerabilities.

Ransomware attacks on US healthcare

This attack on OPMT joins 13 other confirmed ransomware attacks on US healthcare organizations so far in 2024. In 2023, we recorded 126 such attacks that affected 17,683,124 records and counting. On average, a ransomware attack on a healthcare company led to 18.7 days of downtime.

Ransomware attacks on US healthcare organizations can cripple key systems and endanger the privacy and security of patients. Hospitals and clinics may have to resort to pen and paper, cancel certain appointments, and divert patients elsewhere until systems are restored.

About OPMT

Optometric Physicians of Middle Tennessee consists of seven vision clinics in the Nashville area. It sells eye exams, glasses, and therapy for various eye conditions and diseases.