Cyber-attack on California Healthcare Organization

A non-profit community-based healthcare organization based in Northern California is investigating a cyber-attack that has disrupted its computer systems.

Partnership HealthPlan of California, which serves more than 618,000 Medi-Cal members in 14 Northern California counties from its base in Fairfield, notified a local community health center on March 21 that its computer systems were down. 

The organization’s website has been replaced with a single page, announcing the security incident and listing phone numbers for additional member services.

“Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network,” states the page. 

“We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation.”

The investigation has not yet determined whether any personal data belonging to patients or staff was compromised in the attack. 

A recorded message on Partnership HealthPlan’s member services line on Thursday informed callers: “We are experiencing technical problems and all our systems are down with no expected time of repair.”

In a dark web post that has since been deleted, a ransomware group claimed to have accessed Partnership HealthPlan’s system and stolen 400GB files from the organization’s server. The cyber-criminal gang claims the files house hundreds of thousands of medical records containing patients’ names, Social Security Numbers, dates of birth, addresses and contact details. 

“Hive ransomware group has posted on its darkweb site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California,” said Brian Higgins, security specialist with Comparitech.

Noting the attack’s significance if the gang’s claims prove true, Higgins added: “Based on Comparitech data, this is the largest attack in 2022 so far and the 8th largest of all time in the healthcare industry.”

In an email to the Press Democrat on Wednesday, Partnership HealthPlan spokesperson Dustin Lyda wrote: “We are aware of the claims. As our investigation is ongoing, we are unable to provide additional information at this time.” 

Leave a Reply