Massive data trove from Change Healthcare hack now for sale on dark web

The Change Healthcare data breach keeps getting worse. As previously reported, the health information exchange paid a $22 million ransom to liberate its data from cybercriminals, only to face a second blackmail for another payment. Earlier this week, some sensitive data from Change Healthcare and parent company UnitedHealth Group was leaked online.

Now, the hacker group RansomHub has begun selling data from the breach online. According to Dark Web Informer—an outlet that monitors illicit activity on the Tor network—a posting went live on April 16 advertising the sale of the stolen data. 

In a screenshot of the post shared by Dark Web Informer on X/Twitter, RansomHub claims to have data from “tens of insurance companies,” including Optum, Medicare, and UnitedHealth. The hackers claim the full trove of data contains medical records, dental records, personal health information on active duty military, insurance records, and personally identifiable information on patients, including addresses and social security numbers. 

Perhaps most surprisingly, RansomHub claims to have “thousands of source code files from Change Healthcare solutions,” which could be used to breach the organization’s systems again.

In the posting, RansomHub warns that Change Healthcare and UnitedHealth’s “processing of sensitive data from all of these companies” ultimately means RansomHub has data on most of the U.S. population. 

“For most of the U.S. individuals out there doubting us, we probably have your personal data,” the hacker group wrote. 

RansomHub ends the post by asking insurers to reach out to stop their data from being sold to the highest bidder.

Fallout from the breach is still unfolding

The breach at Change Healthcare is still being investigated, and the full number of individuals and organizations impacted is unknown. Most of the U.S. health system interacts with Change Healthcare and UnitedGroup, so the extensive breach could have significant downstream effects.

Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, stated during a speaking engagement at the American Hospital Association’s annual meeting earlier this week that Congress will be holding a hearing to learn more about the hack.

On Tuesday, UnitedHealth Group said the Change Healthcare breach has already cost the company $872 million in losses, and that number is expected to pass $1.6 billion over time.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”