California health plan facing network disruptions after alleged Hive ransomware attack

Partnership HealthPlan of California (PHC) is currently experiencing computer system disruptions and working to recover its network with support from third-party forensic specialists. Multiple reports allege the Hive ransomware group is behind the attack.

Its official website notice does not explain the underlying cause, but DataBreaches.net was first to report that Hive ransomware actors have taken responsibility for the attack. The post has since been removed, but screenshots of its dark web leak site previously displayed data proofs  allegedly exfiltrated from the PHC network before ransomware was deployed.

The proofs contained approximately 850,000 unique records, containing 400GB of data. Hive claimed to have deployed the ransomware on March 19. Again, the official website makes no such statement, nor did the ransomware group reveal any alleged patient data on the site before it was taken down.

The notice shows the health plan is currently investigating the incident and working to “safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation.”

PHC will notify relevant parties if any patient information was potentially accessed during the incident. The health plan has also established a number of helplines for specific medical needs or questions.

It appears the network disruption has disabled PHC’s ability to receive or process Treatment Authorization Requests, the form required to gain pre-approved funding for treatment, including the Medi-Cal approved assistive technology. Providers are being asked to to provide the necessary treatment for the next two weeks, and the TARs will be retroactively completed.

PHC is the second healthcare entity to report ongoing network outages in the last week, bringing the total number of healthcare provider disruptions to four this year, so far.

Portions of the Oklahoma City Indian…