Change Healthcare faces data leak threat despite paying $22 million as ransom


Change Healthcare, a subsidiary of UnitedHealth Group, has confirmed the transfer of 350 bitcoins, equivalent to $22 million USD, to a crypto wallet owned by the ALPHV Ransomware group.

Despite complying with the ransom demand, the victim still has reason to doubt whether the BlackCat ransomware group, also known as ALPHV, will keep its promise not to leak the stolen data on the dark web.

Victims are often left facing the threat of cybercriminals reneging on their agreements, as there is a risk that hackers might release the pilfered data even after receiving the ransom, typically within 6 to 10 months or even a year.

The demand for fresh data on the dark web remains high, with data older than 11 months fetching less than anticipated returns for cybercriminals. Consequently, hacking groups typically expedite the sale of stolen data within 1 or 2 months of a breach.

Meanwhile, UnitedHealth has disclosed a staggering $872 million financial loss due to the cyber attack on Change Healthcare, during which hackers absconded with approximately 6TB of sensitive information from servers in February of this year.

Investigations have uncovered that the breach occurred in February, with the hackers making their presence known in March 2024. Presently, the BlackCat gang lies dormant following the FBI’s seizure of its servers, while it strategizes its resurgence.

However, another ransomware syndicate, RansomHUB, claims to have re-penetrated Change Healthcare’s servers and is demanding a $15 million ransom.

Security experts later indicated that RansomHUB was formerly associated with BlackCat but has since severed ties with ALPHV to establish itself independently. Feeling slighted at not receiving the share of the ransom they were pledged, they now threaten to expose the data to potential buyers and other hackers.

Consequently, the victim finds themselves ensnared between two notorious criminal factions and may require the assistance of forensic experts to navigate this perilous situation. Regardless of the specific victim, the ramifications of this cyber attack will reverberate across the United States, impacting numerous pharmacies, hospitals, and medical practices.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.

