A new twist in the cybersecurity threat landscape: healthcare organizations recently reported receiving physical letters claiming to be from the BianLian ransomware group. But as TJ Ramsey, Fortified Health Security’s Senior Director of Threat Operations, explains, this may not have been the real deal.
“There is no indication this group was really involved. This seems like a copycat scenario.”
That might seem like a relief to think since there’s no ransomware, there’s no breach. But that doesn’t mean this is a harmless act. The reality is that even a mailed letter with false claims can trigger confusion, fear, and costly investigation. And that’s precisely what attackers are counting on.
In this month’s mail scam alert, the FBI’s Internet Crime Complaint Center (IC3) warned:
“Cybercriminals are mailing letters claiming to be from well-known ransomware groups to intimidate victims into making payments or providing sensitive information.”
A threatening message printed on paper slipped into an envelope and mailed to your facility is not exactly the image that comes to mind when we talk about cyberattacks. You think computers and high-tech approaches. But that’s what makes this threat effective. It bypasses firewalls and spam filters entirely and preys on fear and uncertainty.
Mail Scam Alert Pattern: Old Tactics, New Impact
This BianLian ransomware letter isn’t an isolated incident; that mail scam alert is part of a broader return to “old school” attack methods.
We’ve previously looked at healthcare phone spoofing scams, where threat actors increasingly use phone calls, voicemails, and even fake caller ID numbers to impersonate healthcare leadership or IT staff. These voice phishing (“vishing”) campaigns can lead to credential theft, financial fraud, or the unauthorized release of sensitive data.
What ties all these methods, mail, phone, spoofed email, together? They target humans, not software.
According to a report, human actions or inactions played a role in 74% of breaches last year. That aligns exactly with what we’re seeing across healthcare: threat actors bypassing technical controls and going straight for people. Whether it’s a spoofed phone call or a convincing piece of physical mail, these tactics exploit human psychology, not software vulnerabilities.
“Even allegedly false or copycat scams must be investigated,” Ramsey says. “That’s the reality. If you received a letter like this, how do you prove or disprove its claims? Our retainer and maturity program help answer that.”
BianLian Ransomware Lesson: Be Ready No Matter the Medium
At Fortified Health Security, we help healthcare organizations build maturity across the board so you’re defending against malware and managing risk from all directions.
Whether a threat comes in the form of a phone call, letter, or ransomware payload, your team needs to have a plan in place so they can act confidently to ensure the threat doesn’t cause a major impact.
Fortified’s Incident Response and awareness training are designed to help you:
- Investigate suspicious communications
- Validate threats, digital or physical
- Minimize disruption to patient care
- Stay ahead of evolving attack methods
Because in today’s threat landscape, the most dangerous tactic might be the simplest, low-tech one.
Don’t underestimate the mail scam threats like the BianLian ransomware alert. To learn more about preparing your organization for threats like this, contact Fortified Health Security today.
