The group, known for attacks on healthcare organizations, claims to have stolen 850,000 personally identifiable information records from Partnership HealthPlan of California.

The Hive ransomware group has claimed to have stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California (PHC). The data includes names, Social Security numbers, and addresses along with 400 GB of stolen files from the healthcare organization’s server, according to a post on Hive’s dark web site. The PHC has confirmed “anomalous activity on certain computer systems within its network.”

Partnership HealthPlan of California confirms “anomalous activity” on systems

The PHC’s website currently (March 31) shows a holding page with a message stating that it recently became aware of anomalous activity on certain computer systems within its network. The company’s statement reads:

“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”

At the time of writing, the PHC was unable to receive or process treatment authorization requests.

Hive ransomware group synonymous with healthcare attacks

Hive has been active since at least June 2021 and is synonymous with attacking healthcare organizations and other businesses ill-equipped to defend against cyberattacks.
An FBI warning from August 2021 stated that the group likely operates as an affiliate-based ransomware operation and employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.

“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network, the FBI added. “The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.”