Dec 15, 2021
0 0

Cyberattack on BHG opioid treatment network disrupts patient care

Written by

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
Log4j: List of vulnerable products and vendor advisories
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Telecom operators targeted in recent espionage hacking campaign
New ransomware now being deployed in Log4Shell attacks
DHS announces ‘Hack DHS’ bug bounty program for vetted researchers
Windows 11 KB5008215 update released with application, VPN fixes
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Opioid treatment network Behavioral Health Group suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care.
Behavioral Health Group (BHG) is one of the largest networks of outpatient opioid treatment centers in the USA, with over 80 clinics throughout seventeen states.
Last week, BHG suffered a cyberattack that forced them to shut down portions of their IT network to prevent the attack’s spread.
This computer outage caused issues at some clinics, preventing patients from receiving their normally prescribed take-home doses of methadone or suboxone, used to treat narcotics addiction.
Patients starting a treatment plan for opioid addiction receive their doses at a clinic. However, patients in a stable treatment plan can receive take-home doses for in-home usage.
While some BHG clinics were able to provide take-home doses, many patients reported on Reddit [123] that their clinics could not provide the usually prescribed medicine due to the computers being down and not able to print prescription labels.
Patients told BleepingComputer that this IT outage and the lack of take-homes caused significant discomfort and stress during the past week, as they were not able to go to the clinic to receive doses each day due to work constraints or other obstacles.
After contacting BHG about the systems outage, Behavioral Health Group confirmed to BleepingComputer that a cyberattack caused the outages.
“Behavioral Health Group is investigating a security incident that impacted our network. Upon learning of the incident, we took certain systems offline out of an abundance of caution and began a thorough investigation with leading information security experts,” Behavioral Health Group told BleepingComputer in a statement.
“Our primary focus remains the uninterrupted access to care for our patients. Our treatment centers are still fully operational and our clinical care teams continue to provide treatment including medication-assisted recovery to all patients.”
“In parallel, our systems technology teams are focused on a safe and efficient remediation process and the restoration of our systems.”
When asked follow-up questions regarding the type of cyberattack and when it occurred, Behavioral Health Group told us that they could not provide further information due to an ongoing investigation.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731, Wire at @lawrenceabrams-bc, or on Jabber at
While BHG has not disclosed the nature of the incident, it was likely caused by a ransomware attack.
Some ransomware gangs promise not to attack healthcare institutions, and if they do so by accident, they will provide a recovery key. Other ransomware operations, like Hive or Vice, do not care who they attack, and expect victims to pay regardless of the physical danger their attacks cause.
“If IT department don’t want to do their job we will do ours and we don’t care if it hospital or university.” – Vice ransomware gang.
Furthermore, when threat actors conduct ransomware attacks, they commonly steal unencrypted data and documents before encrypting devices. This stolen data is then used as leverage by threatening to release data if a ransom is not paid.
The release of stolen data can significantly impact a company, leading to a data breach and potential lawsuits.
However, the true cost is to patients whose highly sensitive information may be disclosed publicly.
BHG patients who spoke to BleepingComputer said their biggest concern is that if threat actors stole data, it could reveal their addiction and treatment to family, friends, and employers.
There is no indication that data was stolen during the attack at this time, but if it was, we would likely learn about it in the future as the attackers attempt to extort BHG further.
Kronos ransomware attack may cause weeks of HR solutions downtime
The Week in Ransomware – December 10th 2021 – Project CODA
Massive attack against 1.6 million WordPress sites underway
Cox discloses data breach after hacker impersonates support agent
Hundreds of SPAR stores shut down, switch to cash after cyberattack
Not a member yet? Register Now
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
Kronos ransomware attack may cause weeks of HR solutions downtime
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.