Cyber Incident Victim: First Choice Community Healthcare
Date:
Mar 2022
Location:
United States of America
Summary
First Choice Community Healthcare experienced a ransomware attack claimed by the Hive group, which exfiltrated patient records, financial data, and personnel files. The attackers briefly posted archived evidence of the compromised information before removing it from their leak site. The healthcare provider did not publicly confirm or deny the breach at the time of reporting, leaving the extent of operational disruption and data misuse unclear.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 28, 2022, the Hive ransomware group claimed responsibility for an attack targeting First Choice Community Healthcare (FCCH), a healthcare provider in New Mexico. The attackers provided archived files as proof of compromise, which allegedly contained sensitive patient information, financial records, and personnel/HR-related documents. This incident occurred shortly after Hive’s March 19 attack on Partnership HealthPlan of California, demonstrating the group’s continued focus on healthcare sector targets despite widespread condemnation of such attacks. Hive briefly listed FCCH on their data leak site but removed the entry hours after its initial posting, though the exact reason for this removal remains unclear from available sources. The exposed data categories suggested a significant breach involving protected health information (PHI) and internal organizational data, though the specific volume of affected records was not disclosed in the leak site evidence. FCCH did not issue any public statements regarding the incident at the time of the April 7 report, nor had they responded to inquiries from DataBreaches.net seeking confirmation of the breach.
The absence of an immediate public acknowledgment or denial by FCCH created uncertainty about the attack’s operational impact and the organization’s response timeline. Hive’s publication of sample data—including patient-related and financial information—indicated potential risks of data misuse, though no further details about data exfiltration or encryption tactics were provided in the available reporting. Unlike other contemporaneous healthcare ransomware incidents documented in the same article, such as LockBit’s attack on Val Verde Regional Medical Center or Avos Locker’s breach of McKenzie Health System, no follow-up information emerged regarding Hive’s interactions with FCCH or additional data releases. The incident occurred during a period of heightened ransomware activity targeting U.S. healthcare entities, with at least five separate groups—including Hive, Avos Locker, LockBit, Suncrypt, and Conti—conducting attacks on medical providers within a two-week timeframe. FCCH’s breach remained unconfirmed through official channels as of the article’s latest update on May 12, 2022, which noted that other victim organizations like McKenzie Health System eventually reported incidents to regulators weeks after initial leak site appearances. The lack of subsequent disclosures or updates from FCCH left the full scope and consequences of the Hive ransomware incident unresolved in public documentation.