
Change Healthcare stolen patient data leaked by ransomware gang

An extortion group has published a portion of what it says are the private and sensitive patient records on hundreds of thousands of people stolen through the ransomware attack on Change Healthcare in February.

On Monday, a new ransomware and extortion gang that calls itself RansomHub published several files on its dark web leak site containing personal information about patients across different documents, including billing files, insurance records and medical information.

Some of the files, which TechCrunch has seen, also contain contracts and agreements between Change Healthcare and its partners.

RansomHub threatened to sell the data to the highest bidder unless Change Healthcare pays a ransom.

It’s the first time that cybercriminals have published evidence that they have in their possession medical and patient records from the cyberattack.

For Change Healthcare, there’s another complication: This is the second group to demand a ransom payment to prevent the release of stolen patient data in as many months.

UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident. “We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data. Our investigation remains active and ongoing,” said Tyler Mason, a spokesperson for UnitedHealth Group.

What’s more likely is that a dispute between members and affiliates of the ransomware gang left the stolen data in limbo and Change Healthcare exposed to further extortion.

A Russia-based ransomware gang called ALPHV took credit for the Change Healthcare data theft. Then, in early March, ALPHV suddenly disappeared along with a $22 million ransom payment that Change Healthcare allegedly paid to prevent the public release of patient data.

An ALPHV affiliate — essentially a contractor who earns a commission on the cyberattacks they launch using the gang’s malware — went public claiming to have carried out the data theft at Change Healthcare, but that the main ALPHV/BlackCat crew stiffed them out of their portion of the ransom payment and vanished with the lot. The contractor said the hundreds of thousands of patients’ data was “still with us.”

Now, RansomHub says “we have the data and not ALPHV.” Wired, which first reported the second group’s extortion effort on Friday, cited RansomHub as saying it was associated with the affiliate that still had the data.

UnitedHealth previously declined to say whether it paid the hackers’ ransom, nor did it say how much data was stolen in the cyberattack.

The healthcare giant said in a statement on March 27 that it obtained a dataset “safe for us to access and analyze,” which the company obtained in exchange for the ransom payment, TechCrunch learned from a source with knowledge of the ongoing incident. UHG said it was “prioritizing the review of data that we believe would likely have health information, personally identifiable information, claims and eligibility or financial information.”
