The Hive ransomware group, known for attacking healthcare organizations, posted on its darkweb site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California.
The organization’s website currently consists of a landing page that says the health plan has been “experiencing technical difficulties,” including a “disruption to certain computer systems.” The organization’s phone systems have a similar message, with a recorded message saying that “all of our systems are down, with no anticipated time of restoration.”
“We’re working diligently with third-party specialists to investigate the source of this disruption, verify its impact on our systems, and to restore full functionality to our systems as soon as possible,” the health plan said in the message on its website, which isn’t dated.
The Partnership HealthPlan of California says it has set up Gmail addresses for patients and providers to contact. VentureBeat has emailed the address for general inquiries.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said in a message to VentureBeat that “establishing alternative communication channels is a typical play in incident response.”
“Even when your email system is working, the attackers may have access and be able to monitor communications,” Callow said.
The technical issues appear to have begun several days ago. The Press Democrat reported on the issues on March 24, without mention of a cyberattack, and indicated that the health plan has more than 618,000 members in Northern California.
The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday. The data includes 850,000 unique PII records, such as name, Social Security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.
The ransomware group has been active since at least June 2021, which is the first time the group posted on its “HiveLeaks” darkweb site.
Previously reported ransomware attacks by Hive have included an August 2021 attack against Memorial Health System, which has hospitals in Ohio and West Virginia, and an October 2021 attack against Johnson Memorial Health in Indiana.
A previous alert from the FBI warned that the Hive ransomware group “likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”
“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”