The Change Healthcare Ransomware Disaster


Issue #13

The Change Healthcare Ransomware Disaster

Ahoy there, fellow Netizens! This week let’s talk about the train wreck that is the Change Healthcare situation.

If you haven’t heard, Change Healthcare suffered a ransomware attack back in February that caused disruption at hospitals and pharmacies around the country. As is common with ransomware attacks, the bad actors also stole data from the health tech giant.

UnitedHealth Group, the company that owns Change Healthcare, confirmed the stolen data includes protected health information and personally identifiable information from “a substantial proportion of people in America.”

Change Healthcare paid a staggering $22 million dollar ransom to AlphV, the gang behind the cyberattack, to prevent the misuse of this stolen data. However, after receiving the payment, AlphV fractured. The member who was responsible for attacking Change Healthcare claimed they had not been given their share of the ransom. They also claimed to have all the stolen data in their possession.

RansomHub, a newer ransomware gang, is now claiming to be associated with the former AlphV member who got ripped off by their ex gang mates. RansomHub is also demanding Change Healthcare pay an undisclosed sum as a second ransom to prevent it from selling the data. To show its threats are serious, the gang has already leaked some patient data that appears to be legitimate.

Maddeningly, this whole disaster appears to have started because Change Healthcare failed to set up two-factor authentication (2FA) on its remote access software. So, when AlphV compromised a Change Healthcare user’s username and password, there was nothing to stop the gang from gaining access to the health giant’s network.

So, take this as a reminder to set up 2FA to protect your accounts if you haven’t already! And be on the lookout for data breach notifications from Change Healthcare in the coming months to see if your data was exposed in the attack.

Until next time, stay safe out there!

113 Cherry St #92768, Seattle, WA 98104-2205
Unsubscribe · Preferences

Safe Not Scammed

Subscribe to my weekly newsletter to keep up with the latest hacks, scams and privacy violations, plus what you can do to protect yourself!

Read more from Safe Not Scammed

Issue #18 Why You Can’t Trust Caller ID Image made using Canva Ahoy there, fellow Netizens! This will be the last Safe Not Scammed newsletter for a while, as I’ll be going on hiatus over the summer (and potentially beyond) due to family obligations. Thank you so much for being a subscriber! I hope you’ve found the newsletters useful! Now, let’s talk about why you should never trust Caller ID… What happened to Mark Cuban? Last weekend, Mark Cuban, the Shark Tank star and co-founder of Cost...

Issue #17 This Authenticator App Did What? Image made using Canva Ahoy there, fellow Netizens! This week, let’s talk about what happened with Raivo, a popular authenticator app for iOS. Raivo’s nasty surprise Raivo users had a nasty surprise at the end of May. After updating the authenticator app, they found their 2FA codes had been deleted, locking them out of their online accounts. Mobime, the company who owns Raivo, announced they found a way for users to restore their codes if they had...

Issue #16 Is Recall Worth the Risk? Image made using Canva Ahoy there, fellow Netizens! This week, let’s talk about Microsoft’s latest controversial feature: Recall. Recall is currently available on Microsoft’s AI powered Copilot+ PCs. It allows you to retrace what you were doing on your computer up to three months ago. It does this by taking screenshots every five seconds and storing them locally on your machine, allowing you to explore them later in a timeline format or via search. While...