The Hive ransomware-as-a-service (RaasS) operation has professed liability for an attack on Florida-based Consulate Health Care, a chain of 140 U.S. nursing homes. The group states it stole 550 GB of information during the attack and encrypted the files on December 3, 2022. On January 6, 2023, the leak site of the group published information about the breach and actually exposed selected data presumably stolen during the attack. The stolen data allegedly consists of contracts, company data, worker data, and patient records like health records, contact details, insurance data, and Social Security numbers.
Consulate Health Care’s website posted a substitute breach notice about the same period when Hive posted publicly about the attack. Consulate Health Care stated on the breach notice posted on the website that the attack happened at one of its (anonymous) vendors. The ongoing investigation of the incident is still determining the magnitude of the data breach. Consulate Health Care stated that it is working directly with its vendor and that the investigation is moving forward as quickly as possible to ascertain the scope of protected health information (PHI) involved and the persons that were impacted. Consulate Health Care explained that it is giving this information because it values transparency and wants to exercise a lot of caution.
The Hive ransomware group has a different perspective on the attack and states that there was no vendor involved. Rather, a representative for the group mentioned in a dialogue with databreaches.net that it directly attacked Consulate Health Care. The time of posting the breach notice indicates that it pertains to a similar incident.
The Hive RaaS gang is one of the ransomware groups identified that targets the healthcare sector, for example, the attacks on Lake Charles Memorial Health System located in Louisiana which impacted the information of 270,000 individuals, and the attack on Empress EMS, a New York ambulance service, which impacted as much as 318,558 persons. Because of the likely chance of attacks, the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity alert in November 2022, which consists of technical data regarding the tactics, techniques, and procedures employed by the gang and indicators of compromise for system defenders.