The Hive ransomware group, known for attacking healthcare organizations, posted on its darkweb site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California.
The health plan’s website currently consists of a landing page that says the health plan has been “experiencing technical difficulties,” including a “disruption to certain computer systems.” The organization’s phone systems have a similar message, with a recorded message saying that “all of our systems are down, with no anticipated time of restore.”
“We’re working diligently with third-party specialists to investigate the source of this disruption, verify its impact on our systems, and to restore full functionality to our systems as soon as possible,” the health plan said in the message on its website, which isn’t dated.
The Partnership HealthPlan of California says it has set up Gmail addresses for patients and providers to contact. VentureBeat has emailed the address for general inquiries.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said in a message to VentureBeat that “setting up alternative communication channels is a standard play in incident response.”
“Even if your email system is working, the attackers may have access and be able to monitor communications,” Callow said.
The technical issues appear to have begun several days ago. The Press Democrat reported on the issues on March 24, without mention of a cyberattack, and indicated that the health plan has more than 618,000 members in Northern California.
The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday. The data includes 850,000 unique PII records, such as name, social security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.
The ransomware group has been active since at least June 2021, which is the first time the group posted on its “HiveLeaks” darkweb site.
Past reported ransomware attacks by Hive have included an August 2021 attack against Memorial Health System, which has hospitals in Ohio and West Virginia, and an October 2021 attack against Johnson Memorial Health in Indiana.
A previous alert from the FBI warned that the Hive ransomware group “likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”
“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”