Hackers leaked contracts and patient records purportedly stolen in the Change Healthcare cyberattack, TechCrunch reported April 15.
Ransomware group RansomHub posted files on its dark web leak site April 15 comprising personal and protected health information on patients whose data was taken in the Change hack, according to the story. The files also include contracts and agreements between Change and its clients. It marked the first time hackers have posted data from the cyberattack.
RansomHub claims to have 4 terabytes of data pilfered from the UnitedHealth Group subsidiary and is demanding an undisclosed amount of money in return for not selling the information — despite Change Healthcare reportedly already having paid another cybercriminal gang $22 million in ransom. Change took IT systems offline after the cyberattack Feb. 21, leading to widespread claims processing delays across the U.S.
"We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data," a Change Healthcare spokesperson emailed Becker's. "Our investigation remains active and ongoing."
Cybersecurity experts say the "double extortion" attempt shows the danger of forking over ransom to hackers. Change Healthcare reportedly paid off the BlackCat/ALPHV ransomware group, but that gang disappeared while stiffing the affiliate that helped pull off the hack, and the affiliate still had the data.
"The payment of a ransom doesn't guarantee the cybercriminal will decrypt a victim's files or reinstate access to their systems," Darren Guccione, co-founder and CEO of cybersecurity firm Keeper Security, said in an emailed statement to Becker's. "They are criminals and, as such, they cannot be trusted."