
Change Healthcare patient data breached by ransomware gang

An extortion group has released a portion of the private, sensitive patient records of millions of Americans that were stolen during a ransomware attack against Change Healthcare in February.

On Monday, a new ransomware and extortion gang calling itself RansomHub published multiple files on its dark web leak site that contained patients’ personal information in various documents, including billing documents, insurance records, and medical information.

Some of the documents seen by TechCrunch also contain contracts and agreements between Change Healthcare and its partners.

RansomHub threatened to sell the data to the highest bidder unless Change Healthcare paid the ransom.

This is the first time cybercriminals have released evidence that they possess medical and patient records from the cyberattack.

There’s another wrinkle for Change Healthcare: RansomHub is the second group to demand a ransom to prevent the leak of the stolen patient data in the span of a few months.

UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident. “We are working with law enforcement and outside experts to investigate the statements posted online to understand the extent of potentially affected data. Our investigation remains active and ongoing,” said UnitedHealth spokesman Taylor Mason.

What’s more likely is that disputes between ransomware gang members and affiliates left the stolen data stranded and Change Healthcare facing further extortion.

A Russian ransomware gang called ALPHV claimed responsibility for the Change Healthcare data theft. Then, in early March, ALPHV suddenly disappeared, along with a $22 million ransom payment that Change Healthcare allegedly paid to prevent the public release of patient data.

An affiliate of ALPHV (essentially a contractor that earns commissions by launching cyberattacks using the gang’s malware) publicly claimed to have carried out the data theft at Change Healthcare, but said that key ALPHV/BlackCat operatives forced them to give up the ransom that was paid and disappeared along with the money. Data from millions of patients “is still with us,” the contractor said.

Now, RansomHub says “we have the data, but not ALPHV.” Wired first reported the second group’s extortion efforts on Friday, citing RansomHub as saying the group is linked to affiliates that still have the data.

UnitedHealth previously declined to say whether it paid a ransom to the hackers or how much data was stolen in the cyberattack.

TechCrunch has learned from sources with knowledge of the current incident that the healthcare giant said in a statement on March 27 that it obtained a data set that was “available for us to securely access and analyze.” The company obtained it by paying a ransom. UHG said it is “prioritizing review of data we believe may contain health information, personally identifiable information, claims and eligibility, or financial information.”
