Round 2: Change Healthcare Targeted in Second Ransomware Attack

Round 2: Change Healthcare Targeted in Second Ransomware Attack

April 8, 2024 at 05:01PM

Change Healthcare is facing another ransomware attack by RansomHub, following the recent ALPHV/BlackCat cyberattack. The company is being threatened with the sale of 4TB of stolen data containing sensitive information of US military personnel and patients, among others. The situation puts Change Healthcare in a difficult position, considering its recent recovery from the prior attack. Walker suggests potential ties between the two gangs, adding to the complex landscape of ransomware activities.

Based on the meeting notes, it is apparent that Change Healthcare is facing another cyberattack, this time by the ransomware gang RansomHub. The attackers have stolen a significant amount of sensitive data, including information related to US military personnel and patients, medical records, and financial information. RansomHub is threatening to sell the data to the highest bidder if an extortion payment is not made within 12 days.

Malachi Walker, a security adviser at DomainTools, has suggested that RansomHub may be using tactics to intimidate and coerce organizations into making payments. There is also speculation about potential connections between RansomHub and the ALPHV/BlackCat cyberattack, but it’s too early to confirm any relationship.

Change Healthcare, a subsidiary of United Healthcare, is now faced with a difficult decision regarding whether to pay the ransom. It is clear that the company is caught in a conflict between rival cybercriminal groups and is under considerable pressure to protect their clients’ data while also dealing with the aftermath of the previous attack.

The situation highlights the challenges and complexities associated with dealing with ransomware attacks and the evolving nature of the cyber threat landscape.

Full Article