Hive Ransomware Group Hits the Partnership HealthPlan of California

March 31, 2022
The Hive Ransomware group, which was first observed in June of 2021 and known to target healthcare organizations, has stolen 850,000 PII records from the Partnership HealthPlan of California

According to a March 29 article from VentureBeat by Kyle Alspach, the Hive Ransomware group posted on its dark website that it has stolen 850,000 personally identified information (PII) records from the Partnership HealthPlan of California.

The Hive Ransomware group was first observed in June of 2021 and on Sept. 3, 2021 we reported that the FBI had released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15.

“The alert says that ‘Hive ransomware, which was first observed in June 2021 and likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation,’ we reported. ‘Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.’”

Further, “’After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”

The Partnership HealthPlan of California’s website is “temporarily unavailable” and has the following statement on its landing page:

“Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network. We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”

Alspach reports that “The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday [March 29, 2022]. The data includes 850,000 unique PII records, such as name, social security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.”

Sponsored Recommendations

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...

State of the Market: Transforming Healthcare; Strategies for Building a Resilient and Adaptive Workforce

The U.S. healthcare system is facing critical challenges, including workforce shortages, high turnover, and regulatory pressures. This guide highlights the vital role of technology...