texas retina associates ransomware

Ophthalmology practice Texas Retina Associates yesterday notified 297,500 Texans about a data breach earlier in the year that compromised names, Social Security numbers, medical info, health insurance info, addresses, and dates of birth. The company disclosed the breach to the Texas Attorney General.

Ransomware group BianLian on April 22, 2024 claimed responsibility for the attack, posting Texas Retina Associates to its leak site.

A Texas Retina Associates spokesperson told Comparitech that it was first alerted to unusual activity in its network on March 27, 2024. The data came primarily from the company’s electronic medical record system. TRA stated the attack was “not an encryption event”, and it did not disrupt any services. The company acknowledged that a ransom was requested, but it says it did not pay it and did not verify BianLian’s claim.

Although all of Texas Retina Associates’ 14 offices are in Texas, patients from other states could be impacted as well, and not accounted for in today’s figure.

We recommend victims take advantage of any credit monitoring and/or identity theft protection services offered by Texas Retina Associates. Monitor your credit report, accounts, and medical bills for suspicious activity.

Who is BianLian?

First appearing in late 2021, BianLian has claimed 46 confirmed ransomware attacks, according to our data. Its targets span the government, healthcare, and education sectors, including Save the Children, Air Canada, and Australia’s critical infrastructure. Its attacks affected 1.65 million individual records.

Of the 46 confirmed attacks claimed by BianLian, six were against US healthcare organizations, including Optometric Physicians of Middle Tennessee, Lindsay Municipal Hospital, Hypertension-Nephrology Associates, Affiliated Dermatologists & Dermatologic Surgeons P.A., Advantage Orthopedic & Sports Medicine Clinic, and Clinica de Salud del Valle de Salinas (CSVS). The attack on Affiliated Dermatologists & Dermatologic Surgeons P.A. was one of the largest healthcare breaches this year so far, with 373,379 records affected.

BianLian used to extort victims twice, demanding one ransom in exchange for a decryption key to restore systems, and a second ransom for not selling or publicly releasing stolen data. However, the FBI has stated that, like many other ransomware groups, BianLian has stopped encrypting systems and now solely extorts victims for stolen data.

We further logged 71 unconfirmed attacks claimed by BianLian.

Ransomware attacks on US healthcare

So far this year, we’ve tracked 34 attacks on US healthcare companies, affecting 2,056,162 records affected. This excludes the Texas Retina figures and attack until it is fully confirmed. If confirmed, the Texas Retina breach will become the fifth-largest attack on a US healthcare company this year so far by number of records affected.

We tracked another 88 unconfirmed attacks on US healthcare companies this year, 10 of which were claimed by BianLian.

About Texas Retina Associates

Texas Retina Associates says its the state’s largest ophthalmology practice with 14 offices and more than 200 employees, according to external sources. It focuses on retina and vitreous diseases, such as macular degeneration and diabetic retinopathy.