TLDR:
- Ransomware gang RansomHub has targeted Change Healthcare, demanding payment for 4TB of stolen data.
- The stolen data includes sensitive information of US military personnel, patients, medical records, and financial details.
Full Article:
Change Healthcare is facing a second cyberattack, this time by ransomware gang RansomHub. After recently being a victim in an ALPHV/BlackCat cyberattack, RansomHub has stolen 4TB of sensitive data from the company and is demanding an extortion payment. The stolen information contains critical data of US military personnel, patients, medical records, and financial information. RansomHub has threatened to sell the data to the highest bidder in 12 days if the payment is not made. This puts Change Healthcare in a challenging position as it must decide whether paying the ransom is the best option, especially after just recovering from the last attack.
Security adviser Malachi Walker suggests that RansomHub may be claiming ties to previous victims to intimidate them into making a payment. There is speculation about any connection between ALPHV and RansomHub, but it is too early to confirm any ties. The underground economy around ransomware is booming, with affiliate programs, initial access brokers, and collaboration between ransomware groups.
With sensitive data on the line and the pressure to make a decision, Change Healthcare and its parent company, United Healthcare, are in a difficult position. The cybersecurity community continues to monitor the situation closely for developments.