Change Healthcare faces second ransom as cybercriminals leak stolen data

Despite Change Healthcare paying a $22 million ransom, sensitive patient records are being leaked onto the dark web, according to journalists at TechChrunch, who said they’ve seen the data.

The ransomware attack, which impacted Change Healthcare and parent company UnitedHealth Group, caused a nationwide pharmacy outage. Reuters was the first to report the details, with hacker group BlackCat taking credit for the attack via a dark web posting.

Now, despite Change Healthcare paying the ransom for their files to be deleted by hackers, another cybercriminal group called RansomHub has begun leaking files online, demanding a payment of their own. The affiliation between BlackCat and RansomHub is unknown, but the latter is claiming on the dark web to be the actual culprit behind the breach. 

UnitedHealth Group said in a statement to journalists that it is working with law enforcement to investigate the claims made by the groups and to verify the legitimacy of the data posted on the dark web. However, they have no evidence of multiple cyberattacks on any of their databases related to these two demands for ransom in as many months.

The story of this ransom is full of twists and turns. While BlackCat was ultimately paid the $22 million ransom by Change Healthcare and UnitedHealth, a freelance hacker group called ALPHV claimed to have the actual data from the breach, threatening to leak it after BlackCat vanished with the money.

Now, RansomHub is claiming in its posts that neither ALPHV nor BlackCat have the patient data. If confirmed to be authentic, the information leaked online may provide a definitive answer—but of course, it’s also possible all of these groups are working together.

RansomHub said it will sell the patient data to the highest bidder if its demands are not met. The total number of patients impacted by the data breach at Change Healthcare is not clear, as the investigation is ongoing.

In response to the chaos, Congress is expected to hold a hearing in the near future. Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, confirmed the news earlier this week during a speaking engagement at the American Hospital Association’s annual meeting in Washington, D.C.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”