Change Healthcare has reportedly fallen victim to a second cyberattack within weeks, this time at the hands of the ransomware gang RansomHub. Following the company's recent recovery from an ALPHV/BlackCat attack, RansomHub claims to have stolen 4TB of data, including sensitive information of US military personnel, medical records, and financial details. The group now demands an extortion payment within 12 days, threatening to sell the data to the highest bidder if its demands are unmet.
This new breach puts Change Healthcare, a subsidiary of UnitedHealth, in a precarious position, forcing it to consider the ransom payment while recovering from the impacts of the prior cyberattack. Security experts speculate on the connections between the two attacks and contemplate the potentially troubling trend of targeted ransomware campaigns against the healthcare sector.
Why it matters: The repeated incidents showcase the sophisticated nature of modern cybercriminal networks and their ability to exploit vulnerabilities within critical infrastructure. Furthermore, these attacks highlight the difficult decisions victim organizations face regarding ransom payments, which can inadvertently fund further cybercriminal activities and set a dangerous precedent for future attacks.
- Impact on Healthcare Services: The cyberattacks on Change Healthcare have caused significant disruption to hospitals and pharmacies, impacting the processing of prescriptions, payments, and medical claims. This disruption not only affects the company’s operations but also the broader healthcare system’s ability to provide timely care.
- Ransom Payment Dilemma: The demand for a ransom payment within a tight deadline puts Change Healthcare in a difficult position, especially considering the company’s ransom payment to ALPHV several weeks ago.
- Speculation of Gang Connections: The possible rebranding of ALPHV to RansomHub, or the involvement of affiliates across both attacks, illustrates the complex and interconnected nature of ransomware gangs, complicating efforts to track and combat them.
Go Deeper:
- Round 2: Change Healthcare Targeted in Second Ransomware Attack – Dark Reading
- Change Healthcare Faces Second Ransomware Dilemma Weeks After ALPHV Attack – The Register