Another Ransomware Threat Hits Change Healthcare, Hackers Post Stolen Patient Data Online

Published by Deep Shikha on Apr 16, 2024

Fact-checked by Kate Richards • Fact-checked by Kate Richards

Change Healthcare, a leading healthcare technology provider, has suffered a second ransomware attack, this time orchestrated by the newly identified hacker group RansomHub. The attack, as reported by Wired on April 12, escalated when RansomHub publicly released sensitive patient documents on the dark web, as revealed by TechCrunch on April 16.

These documents contain patients’ medical, billing, and insurance records, as well as contracts between Change Healthcare and its business partners. RansomHub has threatened to sell this data to the highest bidder unless they receive a ransom.

This is the second ransom demand by hackers that Change Healthcare has faced. In March, the company paid $22 million to another hacker group, ALPHV. ALPHV then disappeared with the money. TechCrunch revealed that internal conflicts among the hackers have made the stolen data vulnerable, leading to this new threat from RansomHub.

An associate of ALPHV claimed they initially stole the data from Change Healthcare. However, the main group of ALPHV took all the ransom money and left the associate with the data. Now, RansomHub is claiming that they, not ALPHV, have the data. According to Wired, RansomHub stated they are connected to the affiliate that still possesses the data.

Despite these issues, UnitedHealth Group, which owns Change Healthcare, insists there hasn’t been another cyber breach. “We are working with law enforcement and outside experts to investigate these online claims to understand how much data might be at risk. Our investigation is still ongoing,” Tyler Mason, a UnitedHealth Group spokesperson, told TechCrunch.

On March 27, UnitedHealth Group said they had received some data they considered safe to access and analyze. This data was supposedly acquired in exchange for a ransom payment, reported Techcrunch. However, they did not confirm the details of the payment.

Techcrunch highlights that it’s the first time hackers have posted evidence of stolen data online. This situation shows the risks of dealing with cybercriminals, who may not stick to their agreements even after receiving a ransom.

Change Healthcare’s repeated issues with cyberattacks highlight the urgent need for more robust security measures in the healthcare sector, as these organizations face increasing threats from ransomware and data theft.