Priya Patel
TLDR:
- Change Healthcare is facing extortion from a second ransomware gang, RansomHub.
- The cybersecurity incident stems from an earlier attack by ALPHV and involves 4 TB of sensitive data.
Change Healthcare is allegedly being extorted by a second ransomware gang, RansomHub, mere weeks after recovering from an ALPHV attack. RansomHub has claimed responsibility for attacking Change Healthcare and is demanding a ransom payment for the company’s data, which includes personally identifiable information (PII) of active US military personnel and other patients, medical records, and payment information. The situation raises questions about the decision to pay ransom demands and the lack of integrity among ransomware gangs.
If the claims are true, Change Healthcare will have to decide whether to pay a second ransom fee to protect its data. The theories surrounding the attacks suggest that the original ransom payment to ALPHV may have led to the subsequent attack by RansomHub. This highlights the risks associated with negotiating with cybercriminals and the potential for repeated targeting by different groups.
The incident also sheds light on the lack of ‘honor among thieves’ in the ransomware ecosystem. The situation at Change Healthcare underscores the challenges organizations face when dealing with ransomware attacks and the importance of implementing robust cybersecurity measures to prevent future incidents.
Overall, the ongoing cybersecurity dilemma facing Change Healthcare serves as a cautionary tale for other organizations grappling with the threat of ransomware attacks and the complex dynamics within the cybercriminal landscape.
