The Hive ransomware outfit has stolen 850,000 personally identifiable information records from Partnership HealthPlan (PHP) of California, according to sources.
Research firm Sentinel Labs believes the ransom gang used a new technique, dubbed “IPfuscation,” to mount a stealth attack on victims by disguising its payload to look like an innocuous series of legitimate IP addresses.
The major US healthcare provider confirmed the breach in a statement, saying it “recently became aware of anomalous activity on certain computer systems within its network.”
PHP California added: “We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation.
“Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.”
‘Test your tech’
Pentester and researcher Jay Paz at cybersecurity firm Cobalt said the breach should be taken as yet another wake-up call for companies and organizations, especially those that handle sensitive data.
“Testing your people, technology, and processes is extremely important for the prevention of ransomware attacks,” said Paz. “Deploying company-wide educational social engineering campaigns can help identify individual employees who are not security aware, as well as validate policies that are meant to protect your users.”
Paz also called for “frequent and thorough application and network pentesting” to “ensure assets are not susceptible to breaches.”
“Having a mature vulnerability management and pentesting program is crucial for all, especially organizations that deal with personal data,” he said.