
Change Healthcare Targeted by Second Ransomware Attack

Change Healthcare is reportedly facing a new ransomware attack following a massive breach in February.

According to a recent report by Wired, a ransomware group called RansomHub has, since last week, claimed on its dark-web site to hold four terabytes of data stolen from Change Healthcare, which processes claims for healthcare giant UnitedHealth Group.

RansomHub is threatening to sell that data if Change doesn’t pay a ransom, the report said, noting that the group claims not to be affiliated with ALPHV — which claimed responsibility for the earlier breach — and “can’t say” how much it’s demanding as a ransom.

A spokesperson for UnitedHealth told PYMNTS the company had seen no evidence of a new cyberattack.

“We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data,” they said. “Our investigation remains active and ongoing.”

The Wired report said RansomHub — after at first declining to offer anything to back up its claims — last week sent the publication several screenshots of what looked like patient records and a data-sharing contract for UnitedHealth.

Those samples, while not fully confirmed, indicate this second attempt to ransom Change Healthcare’s data might be more than an idle threat, Wired wrote.

“For anyone doubting that we have the data, and to anyone speculating the criticality and the sensitivity of the data, the images should be enough to show the magnitude and importance of the situation and clear the unrealistic and childish theories,” the RansomHub contact told Wired via email.

The initial breach was discovered in February, and led to major disruptions across the healthcare sector.

It’s part of a wave of recent attacks involving ransomware, a form of malicious software that infiltrates computer networks and can involve encrypting files and demanding payment in return for the decryption keys. Research from blockchain data firm Chainalysis shows that in 2023, ransomware payments surpassed $1 billion.

With these sorts of breaches in mind, the bipartisan “Ransomware and Financial Stability Act” was reintroduced last week by House Financial Services Committee Chairman Patrick McHenry, R-N.C., and Rep. Brittany Pettersen, D-Colo.

The legislation includes deterrents against hackers along with guardrails to help financial institutions respond to ransomware attacks. It focuses on critical financial infrastructure, such as financial market utilities, large securities exchanges and technology service providers that support banks’ core processing services.

“To give institutions a road map for when they are facing a ransomware attack, the bill requires those covered by the rules to notify the Treasury Department before making a ransomware payment and prohibits ransomware payments of more than $100,000 unless authorized by law enforcement or the president,” PYMNTS wrote last week.