Change Healthcare faces double extortion tactic
The healthcare tech provider has already paid an USD 22 million ransom to ALPHV/BlackCat ransomware gang.
Change Healthcare, a subsidiary under the UnitedHealth Group umbrella, is facing renewed threats of extortion barely a month after succumbing to ransom demands to safeguard data stolen during a ransomware attack in February 2024.
This malicious attack, orchestrated by the ALPHV/BlackCat ransomware gang, disrupted healthcare operations across the USA, compromising sensitive data, including personal and financial records.
In the aftermath of the attack, the BlackCat group claimed accountability but soon shuttered operations following a raid by the FBI.
Now, a new ransomware entity, known as RansomHub, has emerged, claiming that it has stolen data and threatening to expose it unless another ransom is met.
RansomHub, which surfaced in February 2024, has former affiliates of BlackCat among its ranks, potentially shedding light on how they managed to access Change Healthcare’s data.
Despite speculation about RansomHub’s connections to BlackCat, SOCRadar has suggested they may be distinct entities, with RansomHub’s inception predating BlackCat’s dissolution.
About author
Salomé Petit Siemens
Ms Salomé Petit Siemens is currently pursuing a dual master's degree in international security between Sciences Po and the London School of Economic and Political Sciences. Previously, Salomé worked as an Assistant Analyst in the Cyber Programme at The Hague Centre for Strategic Studies and later as a trainee and expert at the European Commission Joint Research Centre in the Technology Innovation in Security unit.