Change Healthcare faces second ransom as cybercriminals leak stolen data
Despite Change Healthcare paying a $22 million ransom, sensitive patient records are being leaked onto the dark web, according to journalists at TechChrunch, who said they’ve seen the data.
The ransomware attack, which impacted Change Healthcare and parent company UnitedHealth Group, caused a nationwide pharmacy outage. Reuters was the first to report the details, with hacker group BlackCat taking credit for the attack via a dark web posting.
Now, despite Change Healthcare paying the ransom for their files to be deleted by hackers, another cybercriminal group called RansomHub has begun leaking files online, demanding a payment of their own. The affiliation between BlackCat and RansomHub is unknown, but the latter is claiming on the dark web to be the actual culprit behind the breach.
UnitedHealth Group said in a statement to journalists that it is working with law enforcement to investigate the claims made by the groups and to verify the legitimacy of the data posted on the dark web. However, they have no evidence of multiple cyberattacks on any of their databases related to these two demands for ransom in as many months.
The story of this ransom is full of twists and turns. While BlackCat was ultimately paid the $22 million ransom by Change Healthcare and UnitedHealth, a freelance hacker group called ALPHV claimed to have the actual data from the breach, threatening to leak it after BlackCat vanished with the money.
Now, RansomHub is claiming in its posts that neither ALPHV nor BlackCat have the patient data. If confirmed to be authentic, the information leaked online may provide a definitive answer—but of course, it’s also possible all of these groups are working together.
RansomHub said it will sell the patient data to the highest bidder if its demands are not met. The total number of patients impacted by the data breach at Change Healthcare is not clear, as the investigation is ongoing.
In response to the chaos, Congress is expected to hold a hearing in the near future. Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, confirmed the news earlier this week during a speaking engagement at the American Hospital Association’s annual meeting in Washington, D.C.