The Fairfield-based nonprofit is trying to determine if the secured access to the personal records of any of its more than 850,000 members in 14 counties has been compromised.
Medi-Cal managed services provider Partnership HealthPlan of California announced on its website that it had been hacked.
Now, the Fairfield-based nonprofit is trying to determine if the secured access to the personal records of any of its more than 850,000 members in 14 counties has been compromised.
Local media are reporting that a ransomware group known as Hive is claiming to have stolen private data, and PHC published a statement on its website acknowledging that it has “recently became aware of anomalous activity on certain computer systems within its network.”
The (Santa Rosa) Press Democrat published a screenshot purportedly from Hive claiming that the “stolen data includes…850,000 unique records of name, SSN, date of birth, address, contact, etc.” along with 400 gigabytes of data stolen from PHC’s file server.
“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation,” the statement said.
“Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines.”
Because of the hack, PHC said it can’t receive or process Treatment Authorization Requests. As a result, the company said that procedures scheduled within the next two weeks for inpatient admission or for urgent services can proceed as scheduled and the TARs can be submitted retroactively.
The FBI last August issued a Flash Report on Hive ransomware, which surfaced in June 2021 and “likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, “HiveLeaks.”
John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.