During February, Change Healthcare experienced a cyberattack that significantly disrupted the healthcare system in the United States.
The RansomHub extortion group has initiated the release of what they allege to be corporate and patient information obtained from Change Healthcare, a subsidiary of United Health. This marks the culmination of a protracted and intricate extortion saga for the company.
During February, Change Healthcare experienced a cyberattack that significantly disrupted the healthcare system in the United States. This incident hindered pharmacies and medical practitioners from processing billing or submitting claims to insurance providers.
A recently emerged ransomware and extortion group, identifying as RansomHub, has uploaded numerous files to its dark web leak site. These files contain personal details of patients, encompassing various documents such as billing records, insurance data, and medical information.
The files include contracts and agreements between Change Healthcare and its clients. This marks the first instance of hackers sharing data from the cyberattack.
RansomHub asserts possession of 4 terabytes of data obtained from the UnitedHealth Group subsidiary and requests an unspecified sum of money to refrain from selling the information. This demand comes despite reports indicating that Change Healthcare had already paid another cybercriminal group $22 million in ransom.
Following the cyberattack on February 21st, Change Healthcare shut down its IT systems, resulting in widespread delays in claims processing across the United States.
"We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data," a Change Healthcare spokesperson emailedBecker's. "Our investigation remains active and ongoing."
Cybersecurity experts highlight that the "double extortion" tactic underscores the risks associated with paying ransom to hackers. Despite reportedly paying off the BlackCat/ALPHV ransomware group, Change Healthcare faced consequences as the group vanished without compensating its affiliate, who still retained the data from the hack.
"The payment of a ransom doesn't guarantee the cybercriminal will decrypt a victim's files or reinstate access to their systems," Darren Guccione, co-founder and CEO of cybersecurity firm Keeper Security, emailed in a statement to Becker's. "They are criminals, and, as such, they cannot be trusted."
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.