Apr 17, 2024 1 min read

Hackers start selling Change Healthcare data

Hackers start selling Change Healthcare data unknown

Hackers have reportedly begun to sell patient data and business agreements they claim were stolen in the Change Healthcare cyberattack.

The RansomHub cybercriminal gang wrote on the dark web April 15 that it put information obtained in the hack of the UnitedHealth Group subsidiary up for sale, according to screenshots posted on X by cybersecurity researchers.

This development comes after the group reportedly leaked contracts and patient data purportedly stolen in the cyberattack as proof of its haul April 14, and UnitedHealth Group already allegedly paid another hacking group $22 million — a claim the company has not confirmed.

"The information being published by RansomHub is pretty convincing, with screenshots of legal documents (trader partner agreements), bills for services to providers, Medicare claim information (which includes sensitive PII), payment information, and more," Sean McNee, PhD, vice president of research and data at DomainTools, told SC Media. "The variety of data being leaked indicates that the data dump was not limited to one or a few systems. Indeed, if this data and more becomes fully leaked, it could be devastating to the individuals affected."

RansomHub says it has information from several major payers obtained from the back, and the payers can contact the gang — likely to negotiate ransom payments — if they want to prevent the data from being leaked or sold, according to the screenshots.

"Change Health and United Health processing of sensitive data for all these companies is just something unbelievable," the hackers wrote, per the screenshots. "For most US individuals out there doubting us, we probably have your personal data."

Among the information RansomHub leaked include "a hospital record for a 74-year-old woman in Tampa, Florida; and part of a database record related to US military service members' health care," Wired reported April 16.

Change Healthcare processes about 15 billion transactions annually, handling an estimated 1 in 3 patient records in the U.S. The massive hack disrupted claims processing at health systems and physician offices across the country.

Becker's reached out to Change Healthcare for comment on the alleged data sale. "We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data," the company told Becker's after the purported leak April 15. "Our investigation remains active and ongoing."