Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care

The Hive ransomware gang just leaked 550 GB of data stolen from the Consulate Health Care, including customer and employee PII data.

Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The Hive ransomware gang this week added the company to its Tor leak site, threatening to publish the stolen data.

The gang states that the attack took place on December 3rd, 2022 and the attack was disclosed on January 6, 2023.

The gang initially leaked samples of the stolen data as proof of the attack, it claimed to have stolen contracts, NDA and other agreements documents, company private info (budgets, plans, evaluations, revenue cycle, investors relations, company structure, etc.), employees info (social security numbers, emails, addresses, phone numbers, photos, insurances info, payments, etc.), and customers info (medical records, credit cards, emails, social security numbers, phone numbers, insurances, etc.).

The security breach was also confirmed by the victim in a notice published on its website.

“One of our vendors recently suffered a security incident in early December where cybercriminals targeted portions of their network. Our vendor promptly began working with third-party experts to help them investigate and respond to the incident. During that investigation, the vendor became aware that the unauthorized third party may have accessed records with personal information.” reads the Notice of Incident published by Consulate Health Care. “Although our vendor is still investigating the scope of that access, we are providing this notice out of an abundance of caution and because we value transparency.”

However the security research Dominic Alvieri first noticed that that the group leaked 550 GB of data stolen from the Consulate Health Care, including customer and employee PII data. He correctly speculates that the negotiations failed and the ransomware gang opted to leak all data without waiting for the planned deadline.

According to DataBreaches, the company had ended negotiations after several weeks because they could not afford even the reduced amount demanded because their insurance would not cover any ransom payment.

While the CHC’s notice highlights that that the root cause of the data breach is an attack against a vendor, Hive representatives told Data Breaches that they “did not attack any CHC vendor but had attacked CHC directly.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Consulate Health Care)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.