The group, known for attacks on healthcare organizations, claims to have stolen 850,000 personally identifiable information records from Partnership HealthPlan of California. Credit: Getty Images The Hive ransomware group has claimed to have stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California (PHC). The data includes names, Social Security numbers, and addresses along with 400 GB of stolen files from the healthcare organization’s server, according to a post on Hive’s dark web site. The PHC has confirmed “anomalous activity on certain computer systems within its network.”Partnership HealthPlan of California confirms “anomalous activity” on systemsThe PHC’s website currently (March 31) shows a holding page with a message stating that it recently became aware of anomalous activity on certain computer systems within its network. The company’s statement reads:“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”At the time of writing, the PHC was unable to receive or process treatment authorization requests. Hive ransomware group synonymous with healthcare attacksHive has been active since at least June 2021 and is synonymous with attacking healthcare organizations and other businesses ill-equipped to defend against cyberattacks. An FBI warning from August 2021 stated that the group likely operates as an affiliate-based ransomware operation and employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network, the FBI added. “The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe