Partnership HealthPlan of California

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In March 2022, Partnership HealthPlan of California (PHC) experienced a significant cybersecurity incident that affected the personal information of approximately 854,913 individuals. This cyberattack, attributed to the Hive ransomware group, led to the potential compromise of sensitive health information[1][5]. Following the incident, PHC faced a proposed class-action lawsuit alleging that the organization failed to adequately secure the personal information of its members[3][5]. The lawsuit claims that PHC did not take necessary steps to prevent the attack and has been accused of not promptly notifying the victims about the breach of their personal data as required under both federal and state laws[5].

The Hive ransomware group, known for targeting healthcare organizations, claimed responsibility for the attack, stating they had stolen 850,000 personally identifiable information (PII) records from PHC[5]. In response to the cyberattack, PHC replaced its traditional webpage with a notice about the system downtime due to “anomalous activity” and worked on restoring its website functionality[5]. Despite these efforts, there was criticism regarding PHC’s communication and handling of the breach aftermath, particularly concerning the timely notification to affected individuals[5].

This incident underscores the growing threat of ransomware attacks on healthcare organizations, highlighting the importance of robust cybersecurity measures and prompt incident response strategies to protect sensitive patient information[5].

Citations:

  1. https://www.hipaajournal.com/over-850000-individuals-affected-by-partnership-healthplan-of-california-cyberattack/
  2. https://www.placer.ca.gov/9488/Transition-to-Partnership-HealthPlan
  3. https://janssenlaw.com/class-action-lawsuit-alleges-partnership-healthplan-of-california-allowed-data-of-up-to-850000-enrollees-subject-to-ransomware-attack/
  4. https://kymkemp.com/2024/02/13/partnership-health-plan-of-california-honors-st-joseph-hospital-redwood-memorial-hospital-for-high-quality/
  5. https://healthitsecurity.com/news/ca-health-plan-faces-lawsuit-after-cybersecurity-incident-linked-to-hive-ransomware
  6. https://www.sierrasun.com/news/new-managed-care-plan-for-nv-county-medi-cal-recipients/
  7. https://www.thelyonfirm.com/class-action/data-breach/partnership-healthplan-california/
  8. https://finance.yahoo.com/news/california-teens-equitable-access-mobile-110500503.html
  9. https://oag.ca.gov/system/files/Partnership%20HealthPlan%20of%20California%20-%20Sample%20notice.pdf
  10. https://medcitynews.com/2023/11/teen-mental-health-schools-health-plan/
  11. https://www.scmagazine.com/analysis/after-hive-cyberattack-partnership-healthplan-confirms-data-theft-affecting-855k
  12. https://www.businesswire.com/news/home/20231003148045/en/AEG-Announces-Expansion-of-Relationship-With-Blue-Shield-of-California-Names-the-Health-Plan-as-an-Official-Helmet-Partner-of-the-LA-Kings-and-Ontario-Reign
  13. https://www.pressdemocrat.com/article/news/ransomware-group-claims-responsibility-for-partnership-healthplan-internet/
  14. https://www.bankinfosecurity.com/partnership-health-plan-california-systems-still-down-a-18817
  15. https://www.jdsupra.com/legalnews/data-breach-alert-partnership-9507071/
  16. https://www.pressdemocrat.com/article/news/medi-cal-healthplan-website-and-computer-systems-down/
Breach Submission Date May 18, 2022
Converted Entity Name Partnership HealthPlan of California
Converted Entity Type Health Plan
State CA
Individuals Affected 854,913
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes