When extortion meets extortion.
Change Healthcare was under attack by a new ransomware group following the previous cyberattack that happened two months ago.
In February, the United Health subsidiary faced a crippling cyberattack that disrupted the US healthcare system, affecting crucial processes like billing and claims submissions. This attack, attributed to the BlackCat/ALPHV ransomware operation, resulted in chaos and raised serious concerns about data security.
What Previously Happened to Change Healthcare
(Photo : National Cancer Institute from Unsplash)
Starting from the BlackCat ransomware attack, Change Healthcare underwent multiple extortion attacks from another group of hackers. This time, RansomHub leaked its stolen data.
Amidst the chaos, allegations surfaced that the attackers stole a significant amount of data-6 TB, to be precise.
Pressure mounted on the perpetrators, leading to the shutdown of the BlackCat gang. However, suspicions arose about their intentions, particularly regarding a reported $22 million ransom payment from Change Healthcare.
Related Article: Major Cyberattack on UnitedHealth Disrupts Prescription Drug Orders Across Thousands of US Pharmacies
RansomHub Extortion Gang Strikes
Despite these developments, the cyberattack continued. According to Bleeping Computer, Notchy, the affiliate involved in the attack, joined forces with the RansomHub gang to escalate the extortion. This move shocked many, considering the allegations that Change Healthcare had already paid a ransom. The threat of leaking data has sent ripples in the industry, prompting other healthcare firms to mitigate extortion risks.
The Data Leak: A Grim Reality
True to their word, the threat actors began leaking screenshots of purportedly stolen files. Among them were sensitive documents detailing agreements with insurance providers like CVS Caremark and Health Net. Additionally, financial records, including accounting data and insurance payment reports, were exposed. However, the most alarming aspect was the inclusion of patient information, underscoring the severity of the breach.
The Ultimatum
With the clock ticking, the threat actors issued an ultimatum: pay the demanded ransom within five days or face the sale of the data to the highest bidder. This heightened the urgency for Change Healthcare and United Health, leaving them with a critical decision to make amidst the escalating crisis.
Response and Questions
As the situation unfolds, questions linger about the company's response and the steps being taken to address the breach. BleepingComputer reached out to Change Healthcare for clarification, but as of now, a response has not been received. The silence adds to the uncertainty surrounding the situation, leaving stakeholders anxious for resolution.
The ongoing extortion saga involving the RansomHub gang and Change Healthcare emphasizes the persistent threat posed by cybercriminals to sensitive corporate and patient data.
As the healthcare sector becomes one of the favorite target industries of hackers, there's a need for companies to invest in high-quality cybersecurity protection outside the usual healthcare tools and undertaking.
SecurityWeek reports that UnitedHealth Group assures that the providers in need will receive more than $5 billion in assistance. There's no guarantee that ransomware groups will not leak any patient's data anymore after the ransom payment. The best that companies should do is to seek help from security experts on how to avoid this kind of cyberattack in the future.
Read Also: Change Healthcare Blames Ransomware Attack for Nationwide Outage
