Change Healthcare faces second ransom as cybercriminals leak stolen data
Chad Van Alstin | April 16, 2024 | Health Exec | Cybersecurity
money cybersecurity ransomware health IT data breach hacker

Despite Change Healthcare paying a $22 million ransom, sensitive patient records are being leaked onto the dark web, according to journalists at TechChrunch, who said they’ve seen the data.

The ransomware attack, which impacted Change Healthcare and parent company UnitedHealth Group, caused a nationwide pharmacy outage. Reuters was the first to report the details, with hacker group Blackcat taking credit for the attack via a dark web posting.

Now, despite Change Healthcare paying the ransom for their files to be deleted by hackers, another cybercriminal group called RansomHub has begun leaking files online, demanding a payment of their own. The affiliation between Blackcat and RansomHub is unknown, but the latter is claiming on the dark web to be the actual culprit behind the breach. 

UnitedHealth Group said in a statement to journalists that it is working with law enforcement to investigate the claims made by the groups and to verify the legitimacy of the data posted on the dark web. However, they have no evidence of multiple cyberattacks on any of their databases related to these two demands for ransom in as many months.

The story of this ransom is full of twists and turns. While Blackcat was ultimately paid the $22 million ransom by Change Healthcare and UnitedHealth, a freelance hacker group called ALPHV claimed to have the actual data from the breach, threatening to leak it after Blackcat vanished with the money.

Now, RansomHub is claiming in its posts that neither ALPHV nor Blackcat have the patient data. If confirmed to be authentic, the information leaked online may provide a definitive answer—but of course, it’s also possible all of these groups are working together.

RansomHub said it will sell the patient data to the highest bidder if its demands are not met. The total number of patients impacted by the data breach at Change Healthcare is not clear, as the investigation is ongoing.

In response to the chaos, Congress is expected to hold a hearing in the near future. Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, confirmed the news earlier this week during a speaking engagement at the American Hospital Association’s annual meeting in Washington, D.C.

Related Articles:

Multistate health system recovering from T-day ransomware attack
Hospital trio learns cybersecurity lessons the hard way
New ransomware threat with ties to Russia targets healthcare providers
Another ransomware warning for healthcare providers: North Korean attacks
VIDEO: How to prepare hospitals for ransomware attacks
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Kaiser Permanente exposed data on 13.4 million members to tech companies
Hackers were inside Change Healthcare’s systems 9 days before attack
Atrium Health sued for violating patient privacy, sharing data with Facebook and Google
Massive data trove from Change Healthcare hack now for sale on dark web
This week in the Change Healthcare situation: A recap and update in 10 notable quotes
This week in the Change Healthcare hack fallout: 10 notable quotes

Design by Adaptive Theme
Trimed Popup
Trimed Popup