Change Healthcare faces second ransom as cybercriminals leak stolen data

Despite Change Healthcare paying a $22 million ransom, sensitive patient records are being leaked onto the dark web, according to journalists at TechChrunch, who said they’ve seen the data.

The ransomware attack, which impacted Change Healthcare and parent company UnitedHealth Group, caused a nationwide pharmacy outage. Reuters was the first to report the details, with hacker group BlackCat taking credit for the attack via a dark web posting.

Now, despite Change Healthcare paying the ransom for their files to be deleted by hackers, another cybercriminal group called RansomHub has begun leaking files online, demanding a payment of their own. The affiliation between BlackCat and RansomHub is unknown, but the latter is claiming on the dark web to be the actual culprit behind the breach. 

UnitedHealth Group said in a statement to journalists that it is working with law enforcement to investigate the claims made by the groups and to verify the legitimacy of the data posted on the dark web. However, they have no evidence of multiple cyberattacks on any of their databases related to these two demands for ransom in as many months.

The story of this ransom is full of twists and turns. While BlackCat was ultimately paid the $22 million ransom by Change Healthcare and UnitedHealth, a freelance hacker group called ALPHV claimed to have the actual data from the breach, threatening to leak it after BlackCat vanished with the money.

Now, RansomHub is claiming in its posts that neither ALPHV nor BlackCat have the patient data. If confirmed to be authentic, the information leaked online may provide a definitive answer—but of course, it’s also possible all of these groups are working together.

RansomHub said it will sell the patient data to the highest bidder if its demands are not met. The total number of patients impacted by the data breach at Change Healthcare is not clear, as the investigation is ongoing.

In response to the chaos, Congress is expected to hold a hearing in the near future. Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, confirmed the news earlier this week during a speaking engagement at the American Hospital Association’s annual meeting in Washington, D.C.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

When regulating AI-equipped medical devices, the FDA might take a page from the Department of Transportation’s playbook for overseeing AI-equipped vehicles. These run the gamut from assisting human drivers to fully taking the wheel. 

Kit Crancer, RBMA board member, speaks with Radiology Business about key legislative developments on the Hill that will affect the specialty. 

California-based Acutus Medical has said its ongoing agreement to manufacture and distribute left-heart access devices for Medtronic is the company's only source of revenue.