DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Consulate Health Care chain hit by Hive

Posted on January 6, 2023 by Dissent

Hive ransomware gang has added another healthcare-related victim to its leak site. This time, the victim is Consulate Health Care (CHC), a chain of service providers with a troubled financial history.

Enter Hive, Stage Left

Hive’s listing for CHC indicates that they locked CHC’s files on December 3.

Listing for Consulate Health Care on Hive's leak site.

Hive has already leaked some of what does appear to be CHC’s data. The ransomware group claims to have acquired:

– contracts, nda and other agreements documents – company private info (budgets, plans, evaluations, revenue cycle, investors relation, company structure, etc.) – employees info (social security numbers, emails, addresses, phone numbers, photos, insurances info, payments, etc.) – customers info (medical records, credit cards, emails, social security numbers, phone numbers, insurances, etc

Not all of those data types could be confirmed in the partial data leak, but it is clear that Hive did acquire a lot of data.

CHC’s Notice of Incident

Before any disclosure by Hive, DataBreaches learned that they would be leaking CHC data because CHC had ended negotiations after several weeks. Their representative indicated that they could not afford even the reduced amount demanded because their insurance would not cover any ransom payment.

Checking CHC’s website yesterday, DataBreaches was surprised that CHC had already disclosed the breach. But their description of the incident did not match what a spokesperson for Hive had informed DataBreaches.

CHC announcement of an alleged December vendor breach appeared on their web site.

Specifically, CHC’s notice of incident repeatedly refers to the incident as involving a vendor, e.g. (emphasis added):

One of our vendors recently suffered a security incident in early December where cybercriminals targeted portions of their network.

Our vendor promptly began working with third-party experts to help them investigate and respond to the incident. During that investigation, the vendor became aware that the unauthorized third party may have accessed records with personal information.

Although our vendor is still investigating the scope of that access….

The problem is that Hive’s spokesperson was quite definite that they did not attack any CHC vendor but had attacked CHC directly.

CHC’s notice refers to an early December incident, which is consistent with Hive’s December 3 lock date, so CHC’s notice is likely referring to the Hive attack. But why is CHC claiming the attack was on an unnamed vendor?

DataBreaches submitted two contact queries to CHC yesterday, asking them to respond to Hive’s claim that this was not a vendor attack, and requesting additional details, but has received no reply from CHC.

CHC’s Recent History of Bankruptcy

Hive’s listing states that CHC’s revenue is “1000 million.”  Zoominfo.com does list CHC’s revenue as $1B, which may sound tempting, but CHC actually has a troubled financial history. Its history for more than a decade has resulted in so much bad press and litigation that it seems to have engaged in some complex rebranding and dividing up of corporations to distance itself from… itself.

CHC’s financial troubles began in 2011.  A former nurse had turned whistleblower and had accused the owners of two skilled nursing homes of defrauding taxpayers by overcharging Medicaid and Medicare for rehabilitation services. CHC inherited the False Claims Act litigation in 2012.

In 2017, a civil jury agreed with the claims and penalized CHC more than $115 million, which was later reduced to $85 million. After trebling and penalties, though, the reduced judgment still amounted to $256 million. It was a considerable amount, but still lower than the original $347.9 million verdict after trebling.

In March 2021, CHC filed for Chapter 11 bankruptcy, claiming it did not have the resources to pay the False Claims judgment.  A settlement of the bankruptcy case reduced the amount to $4.5 million, split between the government and the whistleblower. The settlement was approved in September.

So against the backdrop of what it had gone through, now CHC was faced with a ransom demand. They didn’t pay it but have issued a statement that claims the breach was not theirs, but a vendor’s?

DataBreaches will update this if a reply is received or more information becomes available.

Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← HC3: Analyst Note: Clop Ransomware
Air France and KLM notify customers of account hacks →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.