Hive ransomware group claims to steal patient data from California health plan


The Hive ransomware group, known for attacking healthcare organizations, has posted on its dark web site that it has stolen 850,000 personally identifiable information (PII) records from California’s Partnership HealthPlan.

The organization’s website currently consists of a landing page stating that the health plan has “encountered technical problems,” including a “malfunction in certain computer systems.” The organization’s phone systems have a similar message, with a recorded message that “all our systems are down, with no expected repair time.”

“We are working diligently with outside specialists to investigate the source of this disruption, confirm the impact on our systems and restore full functionality to our systems as quickly as possible,” the health plan said in a statement on its website, which is not dated.

The California Partnership HealthPlan says it has set up Gmail addresses for patients and healthcare providers to contact. VentureBeat has emailed the address for general inquiries.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said in a message to VentureBeat that “establishing alternative communication channels is a standard game when responding to incidents.”

“Even if your email system is working, the attackers can access and monitor the communication,” Callow said.

Screenshot of the Partnership HealthPlan of California website (March 29, 4:30 PM PST)

The technical problems seem to have started a few days ago. The Press Democrat reported on the issues on March 24, without reporting a cyberattack, and said the health plan has more than 618,000 members in Northern California.

The Hive ransomware group posted its claim on Tuesday about the stolen data from California’s Partnership HealthPlan. The data contains 850,000 unique PII records, such as name, social security number and address, according to the group. Hive also claimed to have taken 400GB of files from the organization’s server.

The ransomware group has been active since at least June 2021, when it first posted to its dark web site, “HiveLeaks”.

Previously reported ransomware attacks by Hive include an August 2021 attack on Memorial Health System, which has hospitals in Ohio and West Virginia, and an October 2021 attack on Johnson Memorial Health in Indiana.

An earlier FBI alert warned that the Hive ransomware group “probably operates as an affiliated ransomware, employing a wide variety of tactics, techniques, and procedures (TTPs), creating significant defense and mitigation challenges.”

“Hive ransomware uses multiple mechanisms to compromise corporate networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally on the network,” the FBI said. “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in every affected folder within a victim’s system with instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks’.”


This post, “Hive ransomware group claims to steal patient data from California health plan,” was originally published at https://venturebeat.com/2022/03/29/hive-ransomware-group-claims-to-steal-california-health-plan-patient-data/