Change Healthcare data now for sale on the dark web!

SCMagazine.com reported that “Change Healthcare data stolen in a February ransomware attack is allegedly up for sale, extortion group RansomHub announced Tuesday.  Screenshots from RansomHub’s leak site posted by Dark Web Informer and Emsisoft Threat Analyst Brett Callow Tuesday afternoon show the group listing the data for sale, claiming to have information from “tens of” insurance providers as well as personal information on patients, Change Healthcare source codes “and many more.””  The April 16, 2024 article entitled “RansomHub says Change Healthcare data now up for sale” (https://www.cybersecuritycollaboration.com/events?utm_source=scmagazine&utm_medium=display&utm_campaign=cybersecuritycollaboration-events-2024&utm_content=join-the-community) included these comments:

Change Healthcare, which is owned by UnitedHealth Group subsidiary Optum, suffered a cyberattack on Feb. 21, leading to widespread operational disruptions at hospitals and pharmacies across the United States.

The attack was claimed by the ALPHV/BlackCat ransomware group, which subsequently shut down its leak site and made off with a $22 million ransom allegedly paid by Optum in an apparent exit scam against its own affiliates, possibly due to law enforcement pressure.

The affiliate responsible for the Change Healthcare attack, known as “Notchy,” is believed to have been recruited by RansomHub after being left emptyhanded by ALPHV/BlackCat, based on messages exchanged between a RansomHub admin and the admin of the malware resource-sharing group vx-underground last week.

RansomHub first claimed possession of 4TB of the stolen Change Healthcare data last Monday, giving the company an approximately 12-day deadline to negotiate a ransom before the info would be sold to the highest bidder.

No surprise and terrible news!