Hive ransomware group claims to steal California health plan patient data



The Hive ransomware group, known for attacking healthcare organizations, has posted on its dark web site that it has stolen 850,000 personally identifiable information (PII) records from Partnership HealthPlan of California.

The organization’s website currently shows a landing page saying the health plan is experiencing “technical difficulties,” including “disruptions to a specific computer system.” The organization’s phone system carries a similar message, with a recording stating “All our systems are down, no expected repairs.”

“We are working diligently with third-party experts to investigate the source of this disruption, confirm its impact on our systems and restore full functionality to our system as soon as possible,” the health plan said in a statement on its website, which was not dated.

Partnership HealthPlan of California says it has set up Gmail addresses for patients and providers to contact it. VentureBeat has emailed the address for general inquiries.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told VentureBeat in a message that “the establishment of alternative communication channels is the standard play in response to an incident.”

“Even if your email system is working, the attackers may have access and be able to monitor the communication,” Callow said.

[Screenshot: Partnership HealthPlan of California website (March 29, 4:30 pm PST)]

The technical problems appear to have started several days ago. The Press Democrat reported on the issues on March 24 without mentioning a cyberattack, noting that the health plan has more than 618,000 members in Northern California.

On Tuesday the Hive ransomware group posted a listing for data it claims to have taken from Partnership HealthPlan of California. According to the group, the data includes 850,000 unique PII records containing names, Social Security numbers and addresses. Hive also claimed to have stolen 400 GB of files from the organization’s servers.

The ransomware group has been active since at least June 2021, when it first posted on its “HiveLeaks” dark web site.

Past ransomware attacks by Hive include the August 2021 attack on Memorial Health System, which has hospitals in Ohio and West Virginia, and the October 2021 attack on Johnson Memorial Health in Indiana.

An earlier FBI alert warned that the Hive ransomware group “likely operates as an affiliate-based ransomware, employing a wide variety of tactics, techniques and procedures (TTPs), creating significant challenges for defense and mitigation.”

The FBI states that “Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.” It continues: “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within the victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.”
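The “ransom note in each affected directory” behaviour the FBI describes is a pattern defenders can look for on a file share or backup snapshot: a newly created file with the same name in almost every directory is rare in normal use. The script below is an added illustration, not code from the article, the FBI or Hive; it builds a constructed throwaway directory tree, plants a note under a hypothetical name in most directories, and reports any file name whose coverage across directories exceeds a threshold. The note name, the tree layout and the 80% threshold are assumptions chosen for the demonstration.

```python
"""Heuristic scan for a same-named file dropped across most directories.

Constructed example: the tree, the note file name and the thresholds are
assumptions, not indicators taken from any real incident.
"""
import os
import tempfile
from collections import Counter

# Hypothetical note name used only in the constructed tree below.
NOTE_NAME = "HOW_TO_RECOVER_FILES.txt"


def directory_coverage(root):
    """Count, for every file name under root, how many directories contain it.

    Returns (Counter of name -> directory count, total number of directories).
    """
    coverage = Counter()
    total_dirs = 0
    for _dirpath, _dirnames, filenames in os.walk(root):
        total_dirs += 1
        for name in set(filenames):
            coverage[name] += 1
    return coverage, total_dirs


def find_pervasive_files(root, min_ratio=0.8, min_dirs=3):
    """Return file names present in at least min_ratio of directories.

    A floor of min_dirs avoids flagging tiny trees. Result is a list of
    (name, directories_containing_it, total_directories), most pervasive first.
    """
    coverage, total = directory_coverage(root)
    hits = [
        (name, count, total)
        for name, count in coverage.items()
        if count >= min_dirs and total and count / total >= min_ratio
    ]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def build_demo_tree(note_name=NOTE_NAME, subdirs=10):
    """Create a constructed tree: root + 10 subdirectories.

    Each subdirectory holds one unique document; two also hold a legitimate
    README.md; the note lands in the root and 9 of the 10 subdirectories,
    i.e. 10 of 11 directories in total.
    """
    root = tempfile.mkdtemp(prefix="notescan_")
    _write(os.path.join(root, note_name), "constructed note text")
    for i in range(subdirs):
        d = os.path.join(root, f"dept_{i:02d}")
        os.makedirs(d)
        _write(os.path.join(d, f"report_{i:02d}.docx"), "ordinary document")
        if i < 2:
            _write(os.path.join(d, "README.md"), "legitimate readme")
        if i < subdirs - 1:
            _write(os.path.join(d, note_name), "constructed note text")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for name, count, total in find_pervasive_files(demo):
        print(f"{name}: present in {count}/{total} directories")
```

Run against a real share, `find_pervasive_files` would be pointed at the mount root and the threshold tuned to the environment; the README.md planted in two directories shows that ordinary duplicated files stay well below the cutoff while a note present in ten of eleven directories is reported.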
