On March 29, 2022, the Hive ransomware group posted a message on its HiveLeaks darkweb site declaring the group had been able to access the personal private information of approximately 850,000 patients of healthcare coverage provider PARTNERSHIP HEALTHPLAN OF CALIFORNIA. This data included names, addresses and Social Security Numbers of their patients. This breach was reportedly first detected by the company on March 24, 2022.
PARTNERSHIP HEALTHPLAN OF CALIFORNIA’s website has the following message: “We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation.”
Brian Higgins, a security specialist with Comparitech, stated last week:
“Based on Comparitech data this is the largest attack in 2022 so far and the 8th largest of all time in the healthcare industry.
“Attacks on the healthcare sector have long been popular with cyber criminals as they provide an extra layer of leverage to any extortion or ransom request. Not only are the target company’s day-to-day business activities, revenue, and reputation put at risk to force payment but with a customer community of vulnerable patients or clients worried that their most intimate and private medical information may be made public, the pressure on a victim organization to pay up quickly and resolve the incident is dramatically increased. Couple this with an ongoing global pandemic and it’s no surprise that the healthcare sector has emerged as one of the most lucrative and attractive for cyber criminals.”[1]
If you are a patient of PARTNERSHIP HEALTHPLAN OF CALIFORNIA and are concerned about this breach of your personal data and what your options are, please contact us at 1-800-745-8153.
[1] “Apple and Meta leak user data to hackers posing as police. Update on TransUnion ransomware attack. Wyze security cameras not so secure. California Healthcare group likely hit by Hive ransomware.” https://thecyberwire.com/newsletters/privacy-briefing/4/62