Not again? Change Healthcare reportedly targeted in a 2nd cyberattack

While the State Department has issued a $10 million reward for the ID of Change Healthcare’s hackers in its February cyberattack, the health tech firm has reportedly been struck by a second ransomware attack.

Change Healthcare, which still is scrambling to recover from a costly cyberattack in February, may be facing a second security breach. Cybersecurity analyst Dominic Alvieri posted this week that hackers known as RansomHub claim to have accessed four terabytes of Change’s data, including the personal details and medical records of “millions” of patients, and demanded payment within 12 days.

“Change Healthcare and United Health, you have one chance in protecting your clients’ data,” the hackers said, according to The Register, a British technology news website. “The data have not been leaked anywhere, and any decent threat intelligence would confirm that the data have not been shared nor posted. In the event you fail to reach a deal, the data will be up for sale to the highest bidder here.”

Change, which has neither confirmed nor denied the threat, told Becker’s Health IT that “we are aware of these reports and continue to work with the authorities.”

Change reportedly paid the BlackCat/ALPHV ransomware gang $22 million after the previous cyberattack that crippled the company’s claims processing systems. The post from the new group means Change could be the victim of a “double extortion” attempt, cybersecurity researchers say.

“It is not uncommon, as an incident responder, to discover not just one threat inside of a compromised environment but two or more,” Ken Dunham, cyberthreat director at Qualys Threat Research Unit, told Becker’s. “It is also not uncommon for companies that give in to bad actors performing extortion, such as ransomware and distributed denial-of-service payouts, to become ‘soft targets,’ quickly hit again with additional forms of extortion.”

However, he added, “While nobody advocates paying off an adversary, sometimes it is an action that ends up being the best course of action for a business based upon their risks and needs at the time of breach and impact.”

At the same time, paying ransom demands could open the door to additional attacks.

“The fact that Change Healthcare was seemingly targeted again, possibly by the same actors under a new alias or affiliates, highlights a significant issue in the ransomware ecosystem — the lack of ‘honor among thieves’,” Javvad Malik, lead security awareness advocate for KnowBe4, told The Register. “While the initial payment of $22 million might have seemed like a resolution, it potentially opened the door for further extortion. It’s a stark reminder that paying a ransom not only fails to guarantee data safety or non-disclosure but might also paint the organization as a repeat target for future attacks.”