St. Clair Orthopaedics and Sports Medicine (SCOSM) experienced a significant data breach in November 2024, attributed to the BianLian ransomware group. The breach was discovered on November 24, 2024, when suspicious activity was detected in SCOSM’s network. Upon further investigation, SCOSM confirmed that the affected systems contained sensitive patient data, which prompted the engagement of cybersecurity experts to assess the breach’s scope and origins. By December 20, 2024, SCOSM completed a thorough investigation, determining that patient health information, insurance data, and personal identifiers had been compromised.
The data stolen by BianLian included a wide range of personal and health information, such as health insurance details, medical records, billing information, and personal identification numbers like Social Security and driver’s license numbers. BianLian claimed to have stolen 1.2 TB of data from SCOSM. Although the clinic notified impacted patients and took steps to secure its network, the details of BianLian’s ransom demand, as well as whether SCOSM paid the ransom, remain unknown. The clinic’s response included investigating the breach and implementing measures to prevent future incidents.
While the clinic took immediate action to contain the incident and protect its network, it has not offered free credit monitoring or identity theft protection to affected individuals.
SCOSM has communicated with its patients and outlined steps they can take to protect their information, including monitoring credit reports and placing fraud alerts. Despite the severity of the breach, SCOSM has not confirmed the specific ways in which the ransomware gang infiltrated its network, leaving some questions unresolved about the full extent of the attack.
BianLian is a notorious ransomware group that has been responsible for multiple high-profile attacks, particularly targeting the healthcare sector. Since its emergence in 2021, the group has claimed responsibility for numerous ransomware attacks, compromising millions of records. The group’s tactics differ from other ransomware actors, as they extort victims without encrypting their systems, instead leaking the stolen data online. BianLian’s attacks continue to target hospitals, clinics, and healthcare providers, with 12 confirmed incidents already recorded in 2025, although none of the organizations involved have publicly acknowledged these breaches.
Reference:
