An extortion group has revealed a portion of what it says are the non-public and delicate affected person data on thousands and thousands of Individuals stolen throughout the ransomware assault on Change Healthcare in February.
On Monday, a brand new ransomware and extortion gang that calls itself RansomHub revealed a number of information on its darkish net leak website containing private details about sufferers throughout totally different paperwork, together with billing information, insurance coverage data and medical info.
Among the information, which information.killnetswitch has seen, additionally include contracts and agreements between Change Healthcare and its companions.
RansomHub threatened to promote the information to the very best bidder except Change Healthcare pays a ransom.
It’s the primary time that cybercriminals have revealed proof that they’ve of their possession medical and affected person data from the cyberattack.
For Change Healthcare, there’s one other complication: That is the second group to demand a ransom cost to forestall the discharge of stolen affected person information in as many months.
UnitedHealth Group, the guardian firm of Change Healthcare, stated there was no proof of a brand new cyber incident. “We’re working with regulation enforcement and out of doors specialists to analyze claims posted on-line to know the extent of probably impacted information. Our investigation stays energetic and ongoing,” stated Tyler Mason, a spokesperson for UnitedHealth Group.
What’s extra doubtless is {that a} dispute between members and associates of the ransomware gang left the stolen information in limbo and Change Healthcare uncovered to additional extortion.
A Russia-based ransomware gang referred to as ALPHV took credit score for the Change Healthcare information theft. Then, in early March, ALPHV all of the sudden disappeared together with a $22 million ransom cost that Change Healthcare allegedly paid to forestall the general public launch of affected person information.
Now, RansomHub says “we’ve got the information and never ALPHV.” Wired, which first reported the second group’s extortion effort on Friday, cited RansomHub as saying it was related to the affiliate that also had the information.
UnitedHealth beforehand declined to say whether or not it paid the hackers’ ransom, nor did it say how a lot information was stolen within the cyberattack.
The healthcare big stated in a press release on March 27 that it obtained a dataset “protected for us to entry and analyze,” which the corporate obtained in trade for the ransom cost, information.killnetswitch realized from a supply with information of the continued incident. UHG stated it was “prioritizing the evaluation of information that we imagine would doubtless have well being info, personally identifiable info, claims and eligibility or monetary info.”
