Change Healthcare faces new ransomware threat following earlier breach

Change Healthcare, a key player in processing claims for UnitedHealth Group, is reportedly under the threat of a new ransomware attack, as revealed by a recent report from Wired. The attack is attributed to a group named RansomHub, which claims to possess four terabytes of data stolen from Change Healthcare. RansomHub has issued a ransom demand, threatening to sell the data if their demands are unmet. Notably, the group denies affiliation with AlphaV, the entity responsible for the earlier breach, and has not disclosed the exact ransom amount.

UnitedHealth Group, however, has stated that they have not found any evidence of a new cyberattack. A spokesperson for the company reassured that they are actively collaborating with law enforcement and external experts to assess the situation and ascertain the extent of potential data exposure.

Wired received screenshots from RansomHub, purportedly showing patient records and a data-sharing contract for UnitedHealth. While the authenticity of these samples remains unconfirmed, they suggest a credible threat to Change Healthcare’s data security.

The initial breach, discovered in February, caused significant disruptions across the healthcare sector. This incident adds to the growing concern over ransomware attacks, which have recently seen a surge. Research indicates that ransomware payments exceeded $1 billion in 2023.

In response to the escalating threat posed by ransomware attacks, bipartisan efforts are underway in the United States. The "Ransomware and Financial Stability Act," reintroduced by House Financial Services Committee Chairman Patrick McHenry and Rep. Brittany Pettersen, aims to provide deterrents against hackers and establish guidelines for financial institutions to address such attacks. The legislation particularly targets critical financial infrastructure, emphasizing the need for transparency and regulation in dealing with ransomware incidents.

The bill proposes mandatory reporting to the Treasury Department before making ransom payments and restricting payments exceeding $100,000 without authorization. These initiatives seek to enhance cybersecurity resilience and mitigate the financial impact of ransomware attacks on organizations and society.