Confidential patient information leaked on the dark web

A new ransomware gang called RansomHub published several files containing sensitive personal data on the dark web on April 15. The data was stolen during the cyberattack against Change Healthcare, a branch of the American insurance company UnitedHealth, at the end of last February. The files include medical and billing data as well as insurance records. Contracts and agreements between Change Healthcare and its partners were also allegedly disclosed.

First ransomware gang left with $22 million

At the time of the cyberattack, thousands of pharmacies, including those of the CVS Health and Walgreens chains, found themselves paralyzed. They were no longer able to transmit patients' insurance claims and faced significant prescription delays. According to a health insurance provider in the US military, this cyberattack affected “all military pharmacies in the world”. Finally, many healthcare providers could no longer process prescriptions through patients’ insurance.

A few days later, hackers from the BlackCat/ALPHV ransomware gang claimed to be behind the cyberattack and to be in possession of 8 terabytes of data. In early March, BlackCat suddenly disappeared from the radar, pocketing $22 million that Change Healthcare allegedly paid to prevent the publication of the data. The data theft was initially believed to have been committed by a cybercriminal affiliated with BlackCat (which earns a commission on cyberattacks launched with the gang's malware). The ransomware gang then allegedly suspended his account, preventing him from getting a percentage of the ransom amount.

RansomHub threatens to sell the data

This time, RansomHub claims: “We own the data, not ALPHV.” The gang says it has 4 terabytes, which it threatens to sell “to the best offer” if a ransom of an unspecified amount is not paid. “This data is a bomb for us. If we cannot obtain payment, we will have no choice but to sell them,” adds RansomHub in a letter addressed to Wired. “Of course, if we reach an agreement, it will be better to delete the data and throw the bomb.”

UnitedHealth has not released the total amount of data stolen in the cyberattack. Nor did it wish to say whether it had paid the ransom demanded by the cybercriminals. In a press release dated March 27, the group claims to have obtained a set of data “on” so that they may “access and analyze it”. According to TechCrunch, this data set was reportedly obtained in exchange for the payment of a ransom. UnitedHealth says it is “prioritizing the review of data, which would likely contain health, personally identifiable, claims or eligibility and financial data”.

Many American doctors impacted

The American Medical Association has stated that even today, “serious disruption continues” in medical offices. According to a survey of its members conducted between March 26 and April 3, about 80% of responding doctors lost income, with many using personal savings to cover their practice expenses. Some reported having difficulty “managing pain care” for cancer patients, citing significant delays.
