Hackers start leaking stolen Change Healthcare data

 The RansomHub hacking group is starting to share snippets of the data stolen from Change Healthcare's networks during a recent attack.

Why it matters: Initial screenshots published Monday and seen by Axios suggest that hackers have stolen a trove of sensitive information, including patients' hospital bills, financial documents and company contracts.

• There's currently a countdown on RansomHub's dark-web leak site threatening to publish the data on Friday.

Catch up quick: RansomHub is the second ransomware gang to come into possession of data stolen from the Change Healthcare's networks.

• Change Healthcare, which provides billing support to pharmacies and insurers, has been cleaning up the fallout from a wide-reaching ransomware attack since February.
• Last month, Wired reported that the company appeared to have paid the BlackCat ransomware group a hefty $22 million to prevent a data leak and unlock its systems.

Zoom in: In a post Monday evening, RansomHub said it possesses more than 4 terabytes of data stolen during the ChangeHealthcare attack.

• RansomHub claims to have medical records, payments information, patients' Social Security numbers and details about accounts with various Change customers.
• Screenshots show the group could have data like a patient's specific hospital bill, including procedure codes, and details about payments made to Medicare accounts.

Between the lines: It's common for ransomware gangs to post intimidating messages on their dark web sites to force a company to make a ransom payment.

• Some hackers will even turn to extremes — like threatening to leak private information from student or patient files — to get more companies to pay up.

What they're saying: "Our investigation remains active and ongoing," a Change Healthcare spokesperson told Wired on Friday. "There is no evidence of any new cyber incident at Change Healthcare."

• A spokesperson for ChangeHealthcare did not immediately respond to Axios' request for comment on Monday.

What's next: RansomHub claims it won't leak the full trove of data if it receives a payment by Friday.

Reality check: Ransomware gangs are known to break their promises.

https://www.axios.com/2024/04/16/change-healthcare-data-leak-ransomware