Fraud Management & Cybercrime , Healthcare , Industry Specific
Hive Claims Responsibility for Attack on Nursing Home ChainConsulate Health Care Says Breach Originated at an Unnamed Third-Party Vendor
A Florida-based nursing home chain with a checkered past says an unnamed third-party vendor is responsible for a data breach incident. Ransomware-as-a-service group Hive says it directly targeted Consulate Health Care and posted online data including patient records, employee data and internal documents.
See Also: 2022 Unit 42 Ransomware Threat Report
Consulate Health Care last week posted an online notice fingering "one of our vendors" for the breach. Hive, on its dark web leak site, says it went directly after the nursing home chain in the hopes of obtaining an extortion payment from what the group asserts is a $1 billion company.
Published data seen by Information Security Media Group does not appear to include the entire claimed data set but Hive added an additional link with a path extension that says "will be released in 3 days." The link currently resolves to a blank page.
The reclusive author behind DataBreaches.net wrote on her website that a Hive spokesperson said the group had been in negotiations with CHC for several weeks. Talks broke down, she said, after CHC said the company could not afford even a reduced ransomware payment because its insurance would not cover any ransom payment.
Entities operating under the Consulate Health Care umbrella entered bankruptcy in 2022 after a federal court upheld a multimillion-dollar whistleblower lawsuit alleging the company had filed fraudulent Medicare and Medicaid claims. The final settlement amount was $255 million, a figure bankruptcy proceedings cut down to $4.5 million. At the time of bankruptcy, Consulate Health Care and its affiliates operated approximately 140 skilled nursing facilities. The company is commonly described as the sixth-largest nursing home company in the United States. It has locations in the Gulf Coast and Mid-Atlantic regions. The Tampa Bay Times reported that state regulators in January 2018 threatened to revoke the company's license to operate inside Florida but instead reached a settlement.
CHC did not respond to ISMG's request for further details about the attack.
Hive has been targeting healthcare organizations. In late December, it took credit for an attack against Lake Charles Memorial Health System in Louisiana that resulted in a breach of personal data for nearly 270,000 patients and employees (see: Hive Ransomware Hits Louisiana Hospitals, Leaks Patient Data).