The Hive ransomware group, known for attacking healthcare organizations, posted on its dark web site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California.
The organization’s website currently consists of a landing page that claims the health plan has been “experiencing technical difficulties,” including a “disruption to certain computer systems.” The organization’s phone systems have the same message, with a recorded message saying that “all of our systems are down, with no anticipated time of restore.”
“We’re working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality to our systems as soon as possible,” the health plan said in the message on its website, which isn’t dated.
The Partnership HealthPlan of California says it has set up Gmail addresses for patients and providers to contact. VentureBeat has emailed the address for general inquiries.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said in a message to VentureBeat that “setting up alternative communication channels is a standard play in incident response.”
“Even if your email system is working, the attackers may have access and be able to monitor communications,” Callow said.
The technical issues appear to have begun several days ago. The Press Democrat reported on the issues on March 24, without mention of a cyberattack, and indicated that the health plan has more than 618,000 members in Northern California.
The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday. The data includes 850,000 unique PII records, such as name, social security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.
The ransomware group has been active since at least June 2021, which is the first time the group posted on its “HiveLeaks” dark web site.
Past reported ransomware attacks by Hive have included an August 2021 attack against Memorial Health System, which has hospitals in Ohio and West Virginia, and an October 2021 attack against Johnson Memorial Health in Indiana.
A previous alert from the FBI warned that the Hive ransomware group “likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”
“Hive ransomware uses multiple mechanisms to compromise enterprise networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”