Home Tech Change Healthcare’s new ransomware nightmare goes from bad to worse

Change Healthcare’s new ransomware nightmare goes from bad to worse

0 comments
Change Healthcare's new ransomware nightmare goes from bad to worse

Change Healthcare is facing a new cybersecurity nightmare after a ransomware group began selling what it claimed were confidential medical and financial records of Americans stolen from the healthcare giant.

“For most American people who doubt us, we probably have your personal data,” the RansomHub gang said in an ad seen by WIRED.

The stolen data allegedly includes medical and dental records, payment claims, insurance details and personal information such as Social Security numbers and email addresses, according to screenshots. RansomHub claimed it had healthcare data on active-duty US military personnel.

The widespread theft and sale of sensitive healthcare data represents a dramatic new form of fallout from the February cyberattack on Change Healthcare that crippled the company’s claims payment operations and sent the US healthcare system into a tailspin. to a crisis as hospitals struggled to stay open without regular funding. .

Change Healthcare, a subsidiary of UnitedHealth Group, previously acknowledged that a ransomware gang known as BlackCat or AlphV breached its systems and told WIRED last week that it is investigating RansomHub’s claims that it possessed stolen company data. Change Healthcare did not immediately respond to a request for comment about the group’s alleged sale of its data.

The wide variety of patient data that RansomHub claims to be selling is a testament to Change Healthcare’s role as a critical intermediary between insurers and healthcare providers, facilitating payments between both parties and collecting a wealth of sensitive information about patients. and their medical procedures in the process. .

Among the sample records RansomHub posted was a list of open claims handled by the company’s EquiClaim subsidiary that includes names of patients and providers; a hospital record for a 74-year-old woman in Tampa, Florida; and part of a database record related to the health care of U.S. military service members.

RansomHub said it would allow individual insurance companies that worked with Change Healthcare and whose data was compromised to pay ransoms to prevent the sale of their records. He stated that he was selling data belonging to several major insurance companies.

Change Healthcare’s “processing of sensitive data from all of these companies is simply unbelievable,” RansomHub said in its announcement.

Brett Callow, a threat analyst at security firm Emsisoft who closely follows ransomware gangs, says the new sale of stolen data was probably “not so much about actually selling the data” but rather putting pressure on Change Healthcare. and to associated companies whose registrations were not achieved. protect: “under additional pressure to pay.”

Change Healthcare appears to have paid a $22 million ransom to AlphV to prevent it from leaking terabytes of stolen data.

Two months after the crisis generated by the ransomware attack, Change Healthcare has faced mounting losses. The company recently reported spending 872 million dollars responding to the incident as of March 31.

At the same time, Change is under increasing pressure from lawmakers and regulators to explain its cybersecurity failure and the measures it is taking to prevent another attack.

A subcommittee of the House Energy and Commerce Committee held a hearing Tuesday on the healthcare sector’s cyber posture, with key lawmakers. saying they were upset that UnitedHealth Group declined to make an executive available to testify. And the Department of Health and Human Services is investigating whether the failure of Change Healthcare to prevent hackers from accessing and stealing your data violated federal data security rules.

You may also like