Second Ransomware Group Makes Extortion Attempts on Change Healthcare
In a concerning turn of events, UnitedHealth Group’s subsidiary, Change Healthcare, finds itself under threat from a second ransomware group following a recent cyberattack. This new group, identifying itself as RansomHub, has reportedly acquired a massive 4 terabytes of sensitive data from Change Healthcare. Its demands are straightforward yet menacing: pay in exchange for silence, or face the risk of having the stolen information sold on the dark web. This alarming development was first brought to public attention through a LinkedIn post by cybersecurity analyst Dominic Alvieri on April 7.
In response to these allegations, a spokesperson for Change Healthcare communicated to Becker’s via email, “We are aware of these reports and continue to work with the authorities.” This acknowledgment raises further concern regarding the cybersecurity posture of Change Healthcare, especially in light of the recent ransom paid to another notorious ransomware gang.
It has been reported that Change Healthcare capitulated to a ransom demand from the BlackCat/ALPHV group following a cyberattack in February. This attack severely disrupted the company’s claims processing systems across the nation, compelling Change Healthcare, allegedly, to pay a staggering $22 million to regain control of its systems and data.
The emergence of a second extortion threat underscores a potentially worrying trend of “double extortion” within the cybersecurity realm. Cybersecurity researchers highlight the frequency with which victims who submit to initial extortion demands may find themselves targeted yet again. Ken Dunham, the cyberthreat director at Qualys Threat Research Unit, stressed this point in an email to Becker’s. According to Dunham, it is not rare for incident responders to uncover multiple threats within a single compromised environment. Furthermore, companies that succumb to extortion, whether through ransomware or distributed denial-of-service (DDoS) attacks, often become recurring targets for cybercriminals.
Dunham elaborated on the dilemma faced by many organizations in the wake of such attacks, saying, “While nobody advocates paying off an adversary, sometimes it is an action that ends up being the best course of action for a business based upon their risks and needs at the time of breach and impact.” This statement reflects the complex decisions companies must navigate when confronted with cyber extortion.
The situation facing Change Healthcare serves as a critical reminder for businesses of all sizes about the importance of robust cybersecurity measures and the potential consequences of yielding to ransom demands. As cybercriminals continue to evolve their tactics, the need for comprehensive security strategies and proactive measures has never been more apparent. The industry will be watching closely to see how Change Healthcare and other organizations respond to these growing threats.
As investigations continue and authorities work to address these cybersecurity challenges, the broader implications for the healthcare sector and beyond remain a point of significant concern and attention.