The group, known for attacks on healthcare organizations, claims to have stolen 850,000 personally identifiable information records from Partnership HealthPlan of California. Credit: Getty Images The Hive ransomware group has claimed to have stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California (PHC). The data includes names, Social Security numbers, and addresses along with 400 GB of stolen files from the healthcare organization’s server, according to a post on Hive’s dark web site. The PHC has confirmed “anomalous activity on certain computer systems within its network.”Partnership HealthPlan of California confirms “anomalous activity” on systemsThe PHC’s website currently (March 31) shows a holding page with a message stating that it recently became aware of anomalous activity on certain computer systems within its network. The company’s statement reads:“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.” At the time of writing, the PHC was unable to receive or process treatment authorization requests. Hive ransomware group synonymous with healthcare attacksHive has been active since at least June 2021 and is synonymous with attacking healthcare organizations and other businesses ill-equipped to defend against cyberattacks. An FBI warning from August 2021 stated that the group likely operates as an affiliate-based ransomware operation and employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network, the FBI added. “The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.” Related content brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe