What You Should Know:
– UnitedHealth Group is embroiled in a new ransomware saga, just as it recovers from a February attack, according to a blog post from threat intelligence firm SOCRadar.
– A hacking group called RansomHub claims to possess 4 terabytes of stolen data from UnitedHealth’s subsidiary, Change Healthcare, and is demanding a ransom to prevent its release.
RansomHub’s Demands and Allegations
The stolen data supposedly includes the personal details and medical records of “millions” of patients. RansomHub demands payment from UnitedHealth to prevent the data from being sold on the dark web. The group claims to be the same affiliate that conducted the February attack under the umbrella of the now-defunct ALPHV/Blackcat ransomware gang.
According to RansomHub, ALPHV pocketed the alleged $22M ransom paid by UnitedHealth and did not share it with the affiliate responsible for the breach. This has fueled speculation that RansomHub could be a rebranded ALPHV seeking their “cut” of the ransom.
Uncertainties and UnitedHealth’s Response
Security researchers remain cautious. RansomHub hasn’t leaked samples to prove that it possesses the data. Additionally, some believe RansomHub might simply be a rebranded ALPHV. UnitedHealth has acknowledged the reports but offered no details on the ransom payment or the legitimacy of the claims.
Potential Repercussions
If RansomHub’s claims are true, UnitedHealth faces a difficult decision: pay another ransom or risk a massive data breach. This incident highlights the growing threat of ransomware attacks on healthcare providers and the sensitive data they manage.