DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Consulate Health Care chain hit by Hive

Posted on January 6, 2023 by Dissent

Hive ransomware gang has added another healthcare-related victim to its leak site. This time, the victim is Consulate Health Care (CHC), a chain of service providers with a troubled financial history.

Enter Hive, Stage Left

Hive’s listing for CHC indicates that they locked CHC’s files on December 3.

Listing for Consulate Health Care on Hive's leak site.

Hive has already leaked some of what does appear to be CHC’s data. The ransomware group claims to have acquired:

– contracts, nda and other agreements documents – company private info (budgets, plans, evaluations, revenue cycle, investors relation, company structure, etc.) – employees info (social security numbers, emails, addresses, phone numbers, photos, insurances info, payments, etc.) – customers info (medical records, credit cards, emails, social security numbers, phone numbers, insurances, etc

Not all of those data types could be confirmed in the partial data leak, but it is clear that Hive did acquire a lot of data.

CHC’s Notice of Incident

Before any disclosure by Hive, DataBreaches learned that they would be leaking CHC data because CHC had ended negotiations after several weeks. Their representative indicated that they could not afford even the reduced amount demanded because their insurance would not cover any ransom payment.

Checking CHC’s website yesterday, DataBreaches was surprised that CHC had already disclosed the breach. But their description of the incident did not match what a spokesperson for Hive had informed DataBreaches.

CHC announcement of an alleged December vendor breach appeared on their web site.

Specifically, CHC’s notice of incident repeatedly refers to the incident as involving a vendor, e.g. (emphasis added):

One of our vendors recently suffered a security incident in early December where cybercriminals targeted portions of their network.

Our vendor promptly began working with third-party experts to help them investigate and respond to the incident. During that investigation, the vendor became aware that the unauthorized third party may have accessed records with personal information.

Although our vendor is still investigating the scope of that access….

The problem is that Hive’s spokesperson was quite definite that they did not attack any CHC vendor but had attacked CHC directly.

CHC’s notice refers to an early December incident, which is consistent with Hive’s December 3 lock date, so CHC’s notice is likely referring to the Hive attack. But why is CHC claiming the attack was on an unnamed vendor?

DataBreaches submitted two contact queries to CHC yesterday, asking them to respond to Hive’s claim that this was not a vendor attack, and requesting additional details, but has received no reply from CHC.

CHC’s Recent History of Bankruptcy

Hive’s listing states that CHC’s revenue is “1000 million.”  Zoominfo.com does list CHC’s revenue as $1B, which may sound tempting, but CHC actually has a troubled financial history. Its history for more than a decade has resulted in so much bad press and litigation that it seems to have engaged in some complex rebranding and dividing up of corporations to distance itself from… itself.

CHC’s financial troubles began in 2011.  A former nurse had turned whistleblower and had accused the owners of two skilled nursing homes of defrauding taxpayers by overcharging Medicaid and Medicare for rehabilitation services. CHC inherited the False Claims Act litigation in 2012.

In 2017, a civil jury agreed with the claims and penalized CHC more than $115 million, which was later reduced to $85 million. After trebling and penalties, though, the reduced judgment still amounted to $256 million. It was a considerable amount, but still lower than the original $347.9 million verdict after trebling.

In March 2021, CHC filed for Chapter 11 bankruptcy, claiming it did not have the resources to pay the False Claims judgment.  A settlement of the bankruptcy case reduced the amount to $4.5 million, split between the government and the whistleblower. The settlement was approved in September.

So against the backdrop of what it had gone through, now CHC was faced with a ransom demand. They didn’t pay it but have issued a statement that claims the breach was not theirs, but a vendor’s?

DataBreaches will update this if a reply is received or more information becomes available.

Related posts:

  • 700 sites hacked by Indian hackers as a revenge attack
  • Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement
  • Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”
  • Update: Norman Public Schools’ employee and student leaked on dark web by ransomware gang
Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← HC3: Analyst Note: Clop Ransomware
Air France and KLM notify customers of account hacks →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.