Weeks after Change Healthcare apparently paid the BlackCat ransomware gang a $22 million ransom to get back access to its encrypted data, another cybercriminal group called RansomHub claims to be trying to sell the 4TB of data. RansomHub’s April 16th message states that the data for “tens of insurance companies” contains Personally Identifiable Information (PII) such as addresses, phone numbers, and Social Security numbers, as well as Protected Health Information (PHI) in medical and dental records. They note that “For most US individuals out there doubting us, we probably have your personal data.”
RansomHub and the Dark Web
RansomHub also published some files to its leak site on the ‘dark web’ containing a portion of this information, and is threatening to sell the data unless it is also paid a ransom. While Change Healthcare has neither confirmed nor denied that it has paid any ransom thus far (or that RansomHub’s posted data is legitimate), a BlackCat affiliate claimed that the group had been paid for a decryption key after a cryptocurrency address associated with BlackCat showed receipt of a $22 million transaction at the beginning of March. This affiliate, known as Notchy, complained that he never received his ‘commission’ from the gang, and it is believed that this is how RansomHub may have obtained the data.
Even as Change Healthcare slowly continues to come back online after the February cyberattack, and is expected to eventually lose over $1.6 billion as a result of it, the prospect of the PII and PHI of an uncertain number of patients being purchased by the highest bidder is troubling. RansomHub claims to have source code as well, raising the possibility of further breaches. Paying a ransom to get your data back is not a good strategy, and it is no guarantee that you’ll go back to ‘business as usual.’ Do you have a robust cybersecurity strategy in place to thwart an attack in the first place? Managed IT solutions from Microwize Technology can give you protection and peace of mind.