Massive data trove from Change Healthcare hack now for sale on dark web
The Change Healthcare data breach keeps getting worse. As previously reported, the health information exchange paid a $22 million ransom to liberate its data from cybercriminals, only to face a second blackmail for another payment. Earlier this week, some sensitive data from Change Healthcare and parent company UnitedHealth Group was leaked online.
Now, the hacker group RansomHub has begun selling data from the breach online. According to Dark Web Informer—an outlet that monitors illicit activity on the Tor network—a posting went live on April 16 advertising the sale of the stolen data.
In a screenshot of the post shared by Dark Web Informer on X/Twitter, RansomHub claims to have data from “tens of insurance companies,” including Optum, Medicare, and UnitedHealth. The hackers claim the full trove of data contains medical records, dental records, personal health information on active duty military, insurance records, and personally identifiable information on patients, including addresses and social security numbers.
Perhaps most surprisingly, RansomHub claims to have “thousands of source code files from Change Healthcare solutions,” which could be used to breach the organization’s systems again.
In the posting, RansomHub warns that Change Healthcare and UnitedHealth’s “processing of sensitive data from all of these companies” ultimately means RansomHub has data on most of the U.S. population.
“For most of the U.S. individuals out there doubting us, we probably have your personal data,” the hacker group wrote.
RansomHub ends the post by asking insurers to reach out to stop their data from being sold to the highest bidder.
Fallout from the breach is still unfolding
The breach at Change Healthcare is still being investigated, and the full number of individuals and organizations impacted is unknown. Most of the U.S. health system interacts with Change Healthcare and UnitedGroup, so the extensive breach could have significant downstream effects.
Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, stated during a speaking engagement at the American Hospital Association’s annual meeting earlier this week that Congress will be holding a hearing to learn more about the hack.
On Tuesday, UnitedHealth Group said the Change Healthcare breach has already cost the company $872 million in losses, and that number is expected to pass $1.6 billion over time.