
Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care


The Hive ransomware gang just leaked 550 GB of data stolen from Consulate Health Care, including customer and employee PII data.

Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The Hive ransomware gang this week added the company to its Tor leak site, threatening to publish the stolen data.

The gang states that the attack took place on December 3, 2022, and that it was disclosed on January 6, 2023.

The gang initially leaked samples of the stolen data as proof of the attack. It claimed to have stolen contracts, NDAs and other agreement documents, company private info (budgets, plans, evaluations, revenue cycle, investor relations, company structure, etc.), employee info (social security numbers, emails, addresses, phone numbers, photos, insurance info, payments, etc.), and customer info (medical records, credit cards, emails, social security numbers, phone numbers, insurance, etc.).

The security breach was also confirmed by the victim in a notice published on its website.

“One of our vendors recently suffered a security incident in early December where cybercriminals targeted portions of their network. Our vendor promptly began working with third-party experts to help them investigate and respond to the incident. During that investigation, the vendor became aware that the unauthorized third party may have accessed records with personal information,” reads the Notice of Incident published by Consulate Health Care. “Although our vendor is still investigating the scope of that access, we are providing this notice out of an abundance of caution and because we value transparency.”

However, security researcher Dominic Alvieri first noticed that the group leaked 550 GB of data stolen from Consulate Health Care, including customer and employee PII data. He correctly speculates that the negotiations failed and the ransomware gang opted to leak all data without waiting for the planned deadline.

According to DataBreaches, the company had ended negotiations after several weeks because it could not afford even the reduced amount demanded, as its insurance would not cover any ransom payment.

While CHC’s notice highlights that the root cause of the data breach is an attack against a vendor, Hive representatives told DataBreaches that they “did not attack any CHC vendor but had attacked CHC directly.”


Pierluigi Paganini

(SecurityAffairs – hacking, Consulate Health Care)
