The notorious RansomHub hacking group has recently made a shocking revelation. Corporate and patient data allegedly stolen from UnitedHealth Group’s subsidiary, Change Healthcare, has been leaked by the perpetrators. This development marks the latest chapter in a long and complex extortion saga targeting the healthcare giant.
Back in February, Change Healthcare experienced a devastating cyberattack that wreaked havoc on the US healthcare system. The incident resulted in widespread disruption as pharmacies and medical providers were unable to process claims and bill insurance companies as usual.
According to sources, the attack was carried out by the infamous BlackCat/ALPHV ransomware operation. The group later claimed to have siphoned off a staggering 6 terabytes of data during the breach.
Unable to bear the mounting pressure from law enforcement agencies, the BlackCat gang eventually decided to call it quits and shut down their operations. There were speculations that the group had pulled off an exit scam by stealing a rumored $22 million payment made by Change Healthcare as ransom to regain control of their systems.
However, despite the supposed ransom payment, it appears that the nightmare was far from over for Change Healthcare. In a stunning turn of events, the gang’s affiliate, “Notchy”, joined forces with another notorious ransomware group, RansomHub, to pile more misery on the company.
A case of double extortion
In a statement posted on RansomHub’s data leak site, the threat actors behind this heinous act declared that they would release all the stolen data unless Change Healthcare and its parent company, UnitedHealth Group, cooperate with them to “settle the matter”. This threat came despite claims that Change Healthcare had already paid a hefty ransom to regain access to their systems.
True to their word, the attackers have started leaking screenshots of files that they claim were lifted from Change Healthcare during the ransomware attack in February. The screenshots include sensitive data-sharing agreements between the company and major insurance providers like CVS Caremark, Health Net, and Loomis. Other leaked documents contain financial information and accounting details, including aging reports and insurance payment reports.
However, more alarmingly, the leaked data also contains sensitive patient information, such as outstanding bills and payments for medical services received.
The blackmailers have now issued a five-day ultimatum for Change Healthcare to comply with their extortion demands, failing which they have threatened to auction off the stolen data to the highest bidder.
At this point, it is difficult to independently verify the authenticity of the leaked data. However, sufficient evidence suggests that the data does indeed belong to Change Healthcare.
When approached for comment on the leak, the company has declined to issue a response at this time.