Hive Ransomware Takes Down IT Systems of Partnership Health Plan of California
Table of Contents
- By Steven
- Published: Mar 31, 2022
- Last Updated: Feb 27, 2025
Partnership Health Plan of California’s IT systems have been down for an extended period of time due to a Hive ransomware attack. The nonprofit managed care specialist has struggled to return its IT services for more than a week following the ransomware attack.
What has the Partnership Health Plan of California Stated About the Attack?
The Partnership Health Plan of California posted a message on its website indicating it has experienced technical difficulties. The notice posted to the nonprofit’s website stated there was a disruption to specific computer systems.
The group’s member service line also contained a voice message stating that the nonprofit is experiencing technical difficulties and its systems are inoperable. Perhaps the most telling tidbit of information in this voice message is that the nonprofit does not have an expected timeline for repair.
How are Hive Ransomware Attacks Performed?
According to the FBI alert described below, the Hive ransomware attack relies on several unique mechanisms to violate targeted networks. The hackers’ mechanisms include malicious attachments on phishing emails that set the stage for accessing remote desktop protocols and lateral moves after breaching the network.
Once the network is compromised, the ransomware steals information and encrypts files. A ransom note is deposited in the compromised directories within the target systems, providing instructions regarding how to buy the software necessary to decrypt the files.
What has the Nonprofit Done in Response to the Ransomware Hack?
The Press Democrat reports Partnership Health Plan of California began notifying regional healthcare clinics about the system outage about ten days ago. A statement posted on the nonprofit’s website notes the group is working with third-party digital forensics professionals to perform a deep dive into the cause of the disruption, gauge its impact on the group’s digital systems, and eventually restore those systems to functionality. However, this is the extent of information provided regarding the group’s response to the attack.
Has the Hive Hacking Collective Made a Statement?
Ransomware specialists who go by the name of “Hive” took to the dark web to leak data from the PHC hack. The data was encrypted on March 19 and publicized on the internet three days later. According to the HiveLeaks website, the data stolen from the nonprofit contains 400 gigs of information stolen from a file server.
Hive ransomware attackers also stole 850,000 unique records of personally identifiable information. The information in question includes the social security numbers, dates of birth, home addresses, and names of the nonprofit’s customers.
Will PHC pay the Ransom?
At the time of this publication, PHC representatives have not indicated whether they will pay the requested ransom. However, it appears as though the nonprofit has not paid the ransom, as the statement posted on its website states the group cannot accept or process requests for treatment authorizations.
It might take several weeks for the nonprofit to resume operations, meaning it looks like the ransom has not been paid. The company’s website notes TAR forms for medical treatments will be processed retroactively across the next two weeks. However, when pressed for more information, PHC did not provide additional comments about the details of the hack.
Why is Hive Ransomware Such a Problem?
Hive ransomware has quickly become one of the most feared forms of ransomware. The FBI issued a warning about Hive ransomware in the summer of 2021.
FBI digital security specialists indicate Hive ransomware attackers specifically zero in on the healthcare sector. Aside from PHC, Hive ransomware has also struck Memorial Health System, a hospital system in Marietta, Ohio.
