Consulate Health Care Falls Victim To Hive RaaS Attack, Patient Data Compromised

Consulate Health Care, a Florida-based chain of 140 U.S. nursing homes, has been targeted in an attack by the Hive ransomware-as-a-service (RaaS) operation. On January 6, 2023, the group posted on their leak site about the breach, claiming to have stolen 550 GB of data and encrypted files on December 3, 2022. Furthermore, some of the data allegedly taken in the attack has already been leaked, including contracts, company information, employee details, and patient information such as medical records, Social Security numbers, contact information, and insurance information.

Consulate Health Care released a replacement breach announcement on their website when details of the attack were made public by Hive. The notice stated that the attack occurred at one of their vendors, who is still looking into the incident to discover the scope of the breach. The healthcare provider stated that they are collaborating with their vendor and making sure that the investigation is being conducted in a timely manner to identify how much of the protected health information was exposed and who has been impacted. They said this notification was being given out of an abundance of caution due to their dedication to being open and honest. The Hive ransomware gang has a different outlook on the attack, claiming that no third-party vendor was involved. A representative for the group spoke to and stated that Consulate Health Care was the direct target of the attack. The timing of the breach notification implies that it pertains to the same incident.

In November 2022, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory to address the high risk of ransomware attacks on the healthcare industry. The advisory contained technical information on the tactics, techniques, and procedures used by the Hive RaaS group, as well as indicators of compromise for network defenders. Notably, this group was responsible for the data breach of 270,000 patients at Lake Charles Memorial Health System in Louisiana, as well as the attack on Empress EMS in New York that affected up to 318,558 individuals.