Hive Ransomware Group Hits the Partnership HealthPlan of California
According to a March 29 article from VentureBeat by Kyle Alspach, the Hive Ransomware group posted on its dark website that it has stolen 850,000 personally identified information (PII) records from the Partnership HealthPlan of California.
The Hive Ransomware group was first observed in June of 2021 and on Sept. 3, 2021 we reported that the FBI had released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15.
“The alert says that ‘Hive ransomware, which was first observed in June 2021 and likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation,’ we reported. ‘Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.’”
Further, “’After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”
The Partnership HealthPlan of California’s website is “temporarily unavailable” and has the following statement on its landing page:
“Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network. We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”
Alspach reports that “The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday [March 29, 2022]. The data includes 850,000 unique PII records, such as name, social security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.”