By REBECCA RUTHERFORD
For the Los Alamos Daily Post
After suffering a huge ransomware attack in February, Change Healthcare has been hit again, by yet another ransomware attack. Yikes!
The attacker this time is RansomHub, a fairly new player to the game, having just popped up a few months ago. On Monday they claimed to have stolen over 4 TB of data from Change Healthcare, and are threatening to sell it to the highest bidder if they don’t receive payment within 12 days.
According to an article by The Register:
“Change Healthcare and United Health you have one chance in protecting your clients data,” RansomHub said. The data has not been leaked anywhere and any decent threat intelligence would confirm that the data has not been shared nor posted.
“In the event you fail to reach a deal the data will be up for sale to the highest bidder here.”
Change Healthcare had only recently recovered from their last ransomware attack … they are alleged to have paid a $22 million ransom to ALPHV following the last ransomware incident. Change Healthcare has never officially confirmed this, but if this is true they are now looking at paying a second ransom to protect their data.
All is not well in ransomware land. Many think ALPHV pulled a fast one, taking the money and running and leaving their affiliate (the one that actually executed the attack for the organization) with nothing. Ransomware is run like a business, payments are generally split 80/20 with 20% going to the affiliate that carried out the attack, and the rest going to the Ransomware gang.
It is speculated that perhaps the affiliate decided to retain the data and switched alliances to RansomHub to try to make a profit. Alternate theories are that RansomHub is actually ALPHV rebranded, since RansomHub just appeared in February when ALPHV vanished. In any case, this is one of many reasons to not pay a ransom in a Ransomware attack; your payment guarantees you nothing.
Worried about whether or not your data has been compromised in a healthcare attack? Healthcare providers are required to report breaches to Health and Human Services, you can check their searchable database here or you can view the data provided by USA Today here.
It’s a huge hit for a company that was finally recovering from a massive Ransomware attack, and bad news for consumers as yet more of their personal data is potentially up for grabs.