Hive Ransomware Group Claims to Steal California Health Plan Patient Data

The Hive ransomware group posted on its DarkWeb site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed. The organization’s website is currently down as are the phone systems with no expected time of repair.

After compromising a victim network, the actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site.


Gary Ogasawara, CTO of Cloudian:



"The recent Hive ransomware attack on the Partnership HealthPlan of California highlights the damage that such attacks can inflict, not only on the victim’s operations and reputation but also on its customers. Unfortunately, traditional defenses such as perimeter security solutions and anti-phishing training have proven ineffective against increasingly sophisticated attacks.

As a result, organizations need to focus greater attention on being able to recover in the event of an attack and minimize the potential impact. The best way to do so is to have an immutable data backup copy and encrypt sensitive data, both in flight and at rest.

Immutability prevents cybercriminals from altering or deleting data for a specified period of time, enabling users to recover the unchanged copy of the data and resume operations quickly after an attack, without having to pay ransom. Encrypting sensitive data ensures that such criminals can’t read or expose it in any intelligible form – as the Hive group has threatened to do with patient data in this case – thereby eliminating the other method of ransomware extortion."


###