Threat Watch

Hive Ransomware Gang Leaked 550 GB Stolen from Consulate Health Care

The Hive ransomware gang recently announced Consulate Health Care as one of its newest victims. The gang stated that the attack took place on December 3rd, 2022, and the attack was disclosed on January 6, 2023. Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The gang claimed to have stolen contracts, NDAs and other agreement documents, private company information (budgets, plans, evaluations, revenue cycle, investor relations, company structure, etc.), employee information (social security numbers, emails, addresses, phone numbers, photos, insurance info, payments, etc.), and customer data (medical records, credit cards, emails, social security numbers, phone numbers, insurance, etc.). The group initially leaked samples of the stolen data as proof of the attack. It then leaked all of the victim's data after the company ended negotiations, which had lasted several weeks, because it could not afford even the reduced amount demanded.

ANALYST NOTES

Threat actors can leverage stolen medical records to impersonate legitimate patients and commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen. They should also change and strengthen any online logins and implement multi-factor authentication. Asking the insurance provider for copies of claims and carefully reviewing explanation of benefits notices can reveal whether a patient’s identity has been used fraudulently, and may show whether inaccurate health and medical information is present in the patient’s records. Lastly, financial and credit accounts should be monitored closely, because medical insurance information is sometimes used to commit other forms of financial fraud. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions helps prevent fraud when identity theft is suspected.
