Change Healthcare is facing a new cybersecurity nightmare after a ransomware group began selling what it claimed were Americans' confidential medical and financial records stolen from the healthcare giant.
“For most Americans who are suspicious of us, we likely have your personal information,” the RansomHub gang said in an announcement obtained by WIRED.
The stolen data allegedly includes medical and dental records, bills, insurance details, and personal information such as social security numbers and email addresses, according to screenshots. RansomHub claimed it had medical data of active-duty US military personnel.
The unregulated theft and sale of sensitive medical data represents a dramatic new fallout from February's cyberattack on Change Healthcare, which crippled the company's claims-paying operations and threw the U.S. health care system into crisis, forcing hospitals to remain open without regular funding.
Change Healthcare, a subsidiary of UnitedHealth Group, previously acknowledged that a ransomware group known as BlackCat or AlphV infiltrated its systems. The company told WIRED last week that it is investigating RansomHub's claims that the group has possession of the company's stolen data. Change Healthcare did not immediately respond to a request for comment about the group's alleged data sales.
The wide variety of patient data that RansomHub claims to be selling is evidence of Change Healthcare's role as a critical intermediary between insurance companies and healthcare providers, facilitating payments between the two parties and, in the process, collecting large amounts of sensitive information about patients and their medical procedures.
Among the sample records posted by RansomHub are a list of outstanding claims processed by the company's subsidiary EquiClaim, which includes patient names and healthcare provider names; hospitalization records of a 74-year-old woman in Tampa, Florida; and some database records related to the health care of U.S. military personnel.
RansomHub said it is working with Change Healthcare to allow individual insurance companies whose data has been compromised to pay a ransom to prevent the sale of their records. The group specified that it was selling data belonging to multiple major insurance companies.
RansomHub said in a statement that Change Healthcare's “handling of sensitive data from all of these companies is simply incredible.”
Brett Callow, a threat analyst at security firm Emsisoft who closely tracks ransomware gangs, said the new sales of stolen data are likely more about pressuring Change Healthcare than about actually selling data. He says the goal was to put increased pressure to pay on Change Healthcare and its partner companies whose records were leaked.
Change Healthcare appears to have paid AlphV a $22 million ransom to stop the leak of terabytes of stolen data.
Two months into the crisis caused by a ransomware attack, Change Healthcare is facing mounting losses. The company recently reported that it had spent $872 million responding to incidents as of March 31st.
At the same time, Change is facing increased pressure from lawmakers and regulators to explain its cybersecurity issues and the steps it is taking to prevent new hacks.
A subcommittee of the House Energy and Commerce Committee held a hearing Tuesday on the health sector's cyber posture, and key lawmakers said they were disappointed by UnitedHealth Group's refusal to allow executives to testify. The Department of Health and Human Services is also investigating whether Change Healthcare violated federal data security regulations by failing to prevent hackers from accessing or stealing data.