Hive ransomware group claims to steal California health plan patient data

The Hive ransomware group, identified for attacking healthcare companies, posted on its darkweb internet site that it has stolen 850,000 individually identifiable details (PII) records from the Partnership HealthPlan of California.

The organization’s web site currently is composed of a landing site that suggests the overall health plan has been “experiencing technical complications,” which include a “disruption to specified laptop or computer systems.” The organization’s cellular phone techniques have a comparable concept, with a recorded message expressing that “all of our systems are down, with no expected time of maintenance.”

“We are doing work diligently with third-get together experts to examine the resource of this disruption, verify its effect on our units, and to restore complete performance to our systems as shortly as feasible,” the wellbeing prepare explained in the message on its web site, which is not dated.

The Partnership HealthPlan of California says it has set up Gmail addresses for people and vendors to speak to. VentureBeat has emailed the deal with for common inquiries.

Brett Callow, a danger analyst at cybersecurity company Emsisoft, said in a concept to VentureBeat that “establishing alternative communication channels is a conventional play in incident response.”

“Even if your email technique is operating, the attackers could have access and be ready to observe communications,” Callow stated.

The technological concerns look to have begun quite a few days ago. The Push Democrat reported on the concerns on March 24, without having mention of a cyberattack, and indicated that the health and fitness strategy has additional than 618,000 members in Northern California.

The Hive ransomware team posted its claim about the stolen Partnership HealthPlan of California info on Tuesday. The facts contains 850,000 special PII documents, these types of as name, social security amount and address, according to the team. The stolen data also contains 400 GB of stolen files from the organization’s server, Hive claimed.

The ransomware group has been energetic considering the fact that at least June 2021, which is the to start with time the team posted on its “HiveLeaks” darkweb website.

Previous described ransomware attacks by Hive have involved an August 2021 assault from Memorial Wellness Method, which has hospitals in Ohio and West Virginia, and an October 2021 assault versus Johnson Memorial Health and fitness in Indiana.

A previous inform from the FBI warned that the Hive ransomware group “likely operates as an affiliate-centered ransomware, employs a extensive wide variety of strategies, procedures, and treatments (TTPs), developing considerable problems for protection and mitigation.”

“Hive ransomware works by using many mechanisms to compromise business enterprise networks, which include phishing e-mails with malicious attachments to gain obtain and Distant Desktop Protocol (RDP) to shift laterally after on the community,” the FBI stated. “After compromising a target network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors go away a ransom observe in each influenced directory inside a victim’s technique, which gives guidelines on how to invest in the decryption software package. The ransom be aware also threatens to leak exfiltrated sufferer knowledge on the Tor site, ‘HiveLeaks.’”