Change Healthcare can't recover from a massive cyberattack.
RansomHub, a group of cybercriminals, said it has begun publishing data from the US company Change Healthcare, marking a new stage in a complex ransomware attack that has been going on for several months.
In February, Change Healthcare suffered a massive cyberattack that severely disrupted the American healthcare system, making it difficult to issue invoices and document documents with insurance companies. Later it turned out that the BlackCat/ALPHV group was behind the attack, which claimed to have stolen 6 TB of data.
After increasing pressure from law enforcement agencies, BlackCat ceased its activities. According to rumors, this happened against the background of fraud with the disappearance of a ransom in the amount of $22 million, which was allegedly supposed to be paid to Change Healthcare.
Despite the lack of official comments from Change Healthcare about paying the ransom, it is known that the hacker under the pseudonym Notchy announced his intention to extort money from the company again, since he still has stolen data.
After BlackCat was shut down, Notchy partnered with the RansomHub group to re-extort Change Healthcare. The RansomHub group on its leak site threatened that it would publish all the data if Change Healthcare did not comply with the hackers ' demands.
Last week, criminals began posting screenshots of files they claimed were stolen during the February attack. The leaked documents include data transfer agreements with insurance service providers, as well as financial reports and payment information. Of particular concern is the leakage of patient information, including medical bills and debt.
Change Healthcare now has 5 days to meet the ransomware requirements, otherwise the data will be sold to interested parties at the highest price.
RansomHub, a group of cybercriminals, said it has begun publishing data from the US company Change Healthcare, marking a new stage in a complex ransomware attack that has been going on for several months.
In February, Change Healthcare suffered a massive cyberattack that severely disrupted the American healthcare system, making it difficult to issue invoices and document documents with insurance companies. Later it turned out that the BlackCat/ALPHV group was behind the attack, which claimed to have stolen 6 TB of data.
After increasing pressure from law enforcement agencies, BlackCat ceased its activities. According to rumors, this happened against the background of fraud with the disappearance of a ransom in the amount of $22 million, which was allegedly supposed to be paid to Change Healthcare.
Despite the lack of official comments from Change Healthcare about paying the ransom, it is known that the hacker under the pseudonym Notchy announced his intention to extort money from the company again, since he still has stolen data.
After BlackCat was shut down, Notchy partnered with the RansomHub group to re-extort Change Healthcare. The RansomHub group on its leak site threatened that it would publish all the data if Change Healthcare did not comply with the hackers ' demands.
Last week, criminals began posting screenshots of files they claimed were stolen during the February attack. The leaked documents include data transfer agreements with insurance service providers, as well as financial reports and payment information. Of particular concern is the leakage of patient information, including medical bills and debt.
Change Healthcare now has 5 days to meet the ransomware requirements, otherwise the data will be sold to interested parties at the highest price.
