The group, known for attacks on healthcare organizations, claims to have stolen 850,000 personally identifiable information records from Partnership HealthPlan of California. Credit: Getty Images The Hive ransomware group has claimed to have stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California (PHC). The data includes names, Social Security numbers, and addresses along with 400 GB of stolen files from the healthcare organization’s server, according to a post on Hive’s dark web site. The PHC has confirmed “anomalous activity on certain computer systems within its network.”Partnership HealthPlan of California confirms “anomalous activity” on systemsThe PHC’s website currently (March 31) shows a holding page with a message stating that it recently became aware of anomalous activity on certain computer systems within its network. The company’s statement reads:“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.” At the time of writing, the PHC was unable to receive or process treatment authorization requests. Hive ransomware group synonymous with healthcare attacksHive has been active since at least June 2021 and is synonymous with attacking healthcare organizations and other businesses ill-equipped to defend against cyberattacks. An FBI warning from August 2021 stated that the group likely operates as an affiliate-based ransomware operation and employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network, the FBI added. “The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.” Related content news Salt Security adds defense against OAuth attacks The new offering is designed to mitigate vulnerabilities and misconfigurations associated with the open authentication (OAuth) authorization framework. By Shweta Sharma Apr 25, 2024 3 mins Authentication Security Software news Cisco urges immediate software upgrade after state-sponsored attack Hackers exploited previously undetected vulnerabilities in Cisco’s Adaptive Security Appliances — a product that combines multiple cybersecurity functions. By Prasanth Aby Thomas Apr 25, 2024 3 mins Vulnerabilities brandpost Sponsored by Microsoft Security What will cyber threats look like in 2024? Analyzing incidents in the past will help advise a stronger cybersecurity strategy in the future—2024 and beyond. By Microsoft Security Apr 24, 2024 5 mins Security news analysis How the ToddyCat threat group sets up backup traffic tunnels into victim networks The Chinese APT group is using a variety of tools to infiltrate networks and steal large amounts of data. By Lucian Constantin Apr 24, 2024 6 mins Advanced Persistent Threats Threat and Vulnerability Management Network Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe