Cyber Incident Victim: Albany ENT & Allergy Services
Date: Mar 2023
Location: United States of America
Summary
Albany ENT & Allergy Services was the victim of a ransomware attack claimed by two separate groups, BianLian and RansomHouse. RansomHouse claimed responsibility for the attack, stating it had exfiltrated over two terabytes of data and encrypted systems. The victim's website experienced temporary disruption but was subsequently restored, with no public acknowledgment of the incident from the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around March 27, 2023, Albany ENT & Allergy Services was compromised in a ransomware attack. The RansomHouse cybercrime group publicly claimed responsibility for the incident, stating they had successfully locked the victim's systems on that date. They further asserted they had exfiltrated a significant volume of data from the healthcare provider, claiming to have downloaded more than two terabytes of files. Shortly thereafter, a second ransomware group, BianLian, also listed the entity on its data leak site. BianLian's initial listing used an asterisk-obscured name, a tactic the group frequently employs before fully revealing a victim's identity and publishing stolen data. Both groups listed nearly identical revenue figures for the entity, confirming they were targeting the same organization.

The public disclosure occurred on April 23, 2023, when both RansomHouse and BianLian had active listings for Albany ENT & Allergy Services on their respective extortion sites. RansomHouse supported its claim by publishing a proof pack, a sample of the allegedly stolen data intended to substantiate the breach to the victim and other observers. The healthcare provider's website experienced disruptions concurrent with these public claims, with its homepage returning a 404 error for a period on April 23 before service was apparently restored. No data breach notification or security advisory was present on the organization's public-facing website at the time. The full scope of any data encryption, and the specific impact on patient care and internal operations, was not publicly detailed by the entity itself. The involvement of two distinct ransomware groups introduced uncertainty as to which group was directly responsible for the initial network encryption, or whether both were involved at different stages.
