Report: Ransomware Group Posts Evidence It Holds Change Healthcare Files

A ransomware group has reportedly published several files on the dark web that it says are patient records stolen during February’s cyberattack on UnitedHealth Group’s Change Healthcare.

The cybercriminal group, RansomHub, said it has the records of millions of Americans, including billing files, insurance records and medical information, as well as Change Healthcare contracts and agreements with partners, TechCrunch reported Monday (April 15).

TechCrunch said in the report that it had seen some of these files, that this is the first time cybercriminals have posted evidence that they possess these kinds of records, and that RansomHub has threatened to sell the data to the highest bidder unless Change Healthcare pays a ransom.

UnitedHealth Group did not immediately reply to PYMNTS’ request for comment.

This news comes two days after Wired reported that Change Healthcare is facing a second ransomware attack after the massive breach in February. According to that report, RansomHub said on its dark-web site that it has four terabytes of data stolen from the company.

RansomHub said it is not affiliated with ALPHV BlackCat, the ransomware group that claimed responsibility for the earlier breach, according to that report.

A spokesperson for UnitedHealth told PYMNTS Sunday (April 14) that the company had seen no evidence of a new cyberattack.

“We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data,” the spokesperson said. “Our investigation remains active and ongoing.”

The federal government said March 27 that it is offering a $10 million reward to help identify the people behind the hacker group ALPHV BlackCat.

“The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deploying ransomware on the targeted systems,” the U.S. Department of State said when announcing the reward.

On March 25, proposed federal legislation was introduced in the U.S. Senate that aims to incentivize cybersecurity in the healthcare industry by accelerating Medicare payments to healthcare providers that have suffered a cyberattack, if they and their vendors meet minimum cybersecurity standards.

“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” U.S. Sen. Mark R. Warner, D-Va., said when introducing the bill.