Issue #13

The Change Healthcare Ransomware Disaster

Ahoy there, fellow Netizens! This week let’s talk about the train wreck that is the Change Healthcare situation.

If you haven’t heard, Change Healthcare suffered a ransomware attack back in February that caused disruption at hospitals and pharmacies around the country. As is common with ransomware attacks, the bad actors also stole data from the health tech giant.

UnitedHealth Group, the company that owns Change Healthcare, confirmed the stolen data includes protected health information and personally identifiable information from “a substantial proportion of people in America.”

Change Healthcare paid a staggering $22 million dollar ransom to AlphV, the gang behind the cyberattack, to prevent the misuse of this stolen data. However, after receiving the payment, AlphV fractured. The member who was responsible for attacking Change Healthcare claimed they had not been given their share of the ransom. They also claimed to have all the stolen data in their possession.

RansomHub, a newer ransomware gang, is now claiming to be associated with the former AlphV member who got ripped off by their ex gang mates. RansomHub is also demanding Change Healthcare pay an undisclosed sum as a second ransom to prevent it from selling the data. To show its threats are serious, the gang has already leaked some patient data that appears to be legitimate.

Maddeningly, this whole disaster appears to have started because Change Healthcare failed to set up two-factor authentication (2FA) on its remote access software. So, when AlphV compromised a Change Healthcare user’s username and password, there was nothing to stop the gang from gaining access to the health giant’s network.

So, take this as a reminder to set up 2FA to protect your accounts if you haven’t already! And be on the lookout for data breach notifications from Change Healthcare in the coming months to see if your data was exposed in the attack.

Until next time, stay safe out there!