The RansomHub extortion gang has started leaking what it claims is patient data stolen from United Health subsidiary Change Healthcare, in what has become a long and complex extortion process for the company.
Earlier this year, the institution became the subject of a cyberattack that caused massive disruption to the United States healthcare system, preventing pharmacies and doctors from billing or sending claims to insurance companies.
Reports stated that the BlackCat/ALPHV ransomware operation was the main perpetrator of the cyberattack; the group later revealed that it stole 6TB worth of data.
After law enforcement agencies pressured the group, BlackCat shut down its operation, which occurred after claims that it was pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who executed the attack.
The institution has declined to address speculation that it has already paid a ransom. However, the affiliate, known as “Notchy,” said it would extort Change Healthcare again as it still had the company’s data.
Change Healthcare now faces a double-extortion operation from the threat actors.
After BlackCat shut down, the affiliate, Notchy, partnered with the RansomHub ransomware gang, planning to extort the affected institution again by gradually leaking the stolen data, even though the company allegedly already paid a ransom.
The threat actor issued a statement on the RansomHub data leak site stating that they would release all the data if Change Healthcare and United Health did not comply with their demands or negotiate.
They have also started leaking screenshots of files they claim were stolen from the institution during the ransomware attack last week in February.
The screenshots displayed critical data, like data-sharing agreements between Change Healthcare and insurance providers, such as Health Net, CVS Caremark, and Loomis. Other documents contain accounting data, including ageing reports, insurance payment reports, and other financial information.
The more concerning part of this incident is that the leaked data also contains patient information, including amounts owed and bills for patient care services. The threat actors have given Change Healthcare an ultimatum of five days to pay their extortion demand, or they will sell the data to the highest bidder.