For a brief period yesterday, visitors to Hive ransomware’s leak site would have seen Partnership HealthPlan of California listed.
According to the listing, the threat actors claim to have exfiltrated 850,000 unique records with name, Social Security Number, date of birth, address, contact information, and more. Hive claimed that they had 400 GB of stolen files from an attack that encrypted PHP’s files on March 19.
There was no proof of claims posted with the listing at the time, and within hours, the listing had been removed.
A search of PHP’s website revealed that they had posted a notice. The undated notice begins:
“Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network. We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”
The remainder of their notice provides instructions to providers and methods to be used until services and communications are restored.
PHP is not the first healthcare entity Hive has hit. DataBreaches.net noted their attack on Memorial Health System in Ohio in August 2021 and on Johnson Memorial Health in Indiana in November.
Updated May 23: The incident was reported to the Maryland AG’s Office as impacting 854,913 people.