Partnership HealthPlan of California (PHC), has reportedly had 850,000 personal records exfiltrated by the Hive ransomware group on March 19, 2022. As of the date of this posting, PHC’s website is still inaccessible to patients, health care providers and the public. PHC has currently replaced their website with a holding page that reads, in part:
“Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network. We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”
According to news reports, 400,000 gigabtyes of personal data were stolen by Hive from PHC made up of 850,000 unique records, including first and last names, social security numbers, dates of birth, addresses and other contact information.
The Hive ransomware group was the subject of an FBI Flash Alert, 7 months ago, in August of 2021, warning businesses about the group’s tactics. According to the FBI Alert,
“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.”
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”
The FBI also provided information to businesses about how to determine if they have been compromised by Hive ransomware.
For more information about Hive’s reported attack on Partnership HealthPlan of California, click here
California Laws that Protect Patients Victimized by Data Breaches
Patients residing in California have important consumer privacy laws that may entitle them to $1000 (even if they have sustained no actual monetary damages), plus between $100 and $750 or their actual damages, whichever is greater.
• The California Customer Records Act (CCRA) requires businesses to put into place
and maintain reasonable security procedures and practices that protect a
consumer’s personal information.
• The California Consumer Privacy Act (CCPA) contains many protections for the
personal information of California residents.
• The California Confidentiality of Medical Information Act (CMIA) requires that
every health care provider and health care service plan who maintains medical
information do so in a manner that preserves its confidentiality.
We Can Help You Exercise Your Rights
Every case is unique. Even when your data has been part of a breach, you may not necessarily be awarded compensation. Experienced data breach class action attorneys can help you exercise your rights and evaluate your options and decide whether you are entitled to compensation under the CCPA/CMIA. There are no out of pocket costs to you, as we only get paid if we prevail.
For more information on your legal options, please contact us using the form found here
Links on this website are not intended to be referrals to, or endorsements of, the linked entities or imply any relationship to the linked site or its operator.
Comments