Hive ransomware group claims to steal California health plan patient data

The Hive ransomware group, known for attacking health care organizations, posted on its darkweb site that it has stolen 850,000 personally identifiable info (PII) records from the Partnership HealthPlan of California.

The organization’s web page currently consists of a landing site that claims the health strategy has been “experiencing specialized challenges,” together with a “disruption to certain personal computer units.” The organization’s mobile phone devices have a identical message, with a recorded concept saying that “all of our devices are down, with no predicted time of repair service.”

“We are operating diligently with 3rd-get together professionals to examine the resource of this disruption, affirm its impact on our techniques, and to restore full functionality to our programs as shortly as possible,” the overall health system reported in the concept on its web page, which is not dated.

The Partnership HealthPlan of California states it has established up Gmail addresses for clients and companies to get in touch with. VentureBeat has emailed the deal with for standard inquiries.

Brett Callow, a danger analyst at cybersecurity company Emsisoft, explained in a concept to VentureBeat that “establishing option communication channels is a conventional enjoy in incident response.”

“Even if your electronic mail system is functioning, the attackers could have entry and be capable to observe communications,” Callow reported.

The specialized difficulties seem to have started many times back. The Press Democrat claimed on the challenges on March 24, with no mention of a cyberattack, and indicated that the wellness prepare has extra than 618,000 associates in Northern California.

The Hive ransomware group posted its assert about the stolen Partnership HealthPlan of California info on Tuesday. The details contains 850,000 exceptional PII information, this sort of as identify, social safety variety and handle, in accordance to the group. The stolen info also includes 400 GB of stolen documents from the organization’s server, Hive claimed.

The ransomware team has been lively due to the fact at the very least June 2021, which is the to start with time the team posted on its “HiveLeaks” darkweb web-site.

Past described ransomware assaults by Hive have incorporated an August 2021 assault versus Memorial Wellness Procedure, which has hospitals in Ohio and West Virginia, and an Oct 2021 attack towards Johnson Memorial Health and fitness in Indiana.

A preceding warn from the FBI warned that the Hive ransomware group “likely operates as an affiliate-centered ransomware, employs a broad range of ways, techniques, and processes (TTPs), making significant challenges for defense and mitigation.”

“Hive ransomware employs multiple mechanisms to compromise business enterprise networks, which includes phishing e-mail with malicious attachments to obtain accessibility and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI mentioned. “After compromising a target community, Hive ransomware actors exfiltrate details and encrypt files on the network. The actors depart a ransom note in each and every affected directory inside of a victim’s procedure, which delivers recommendations on how to acquire the decryption computer software. The ransom take note also threatens to leak exfiltrated target facts on the Tor internet site, ‘HiveLeaks.’”