Apr 16, 2024 - Technology

Hackers start leaking stolen Change Healthcare data


The RansomHub hacking group is starting to share snippets of the data stolen from Change Healthcare's networks during a recent attack.

Why it matters: Initial screenshots published Monday and seen by Axios suggest that hackers have stolen a trove of sensitive information, including patients' hospital bills, financial documents and company contracts.

  • There's currently a countdown on RansomHub's dark-web leak site threatening to publish the data on Friday.

Catch up quick: RansomHub is the second ransomware gang to come into possession of data stolen from Change Healthcare's networks.

  • Change Healthcare, which provides billing support to pharmacies and insurers, has been cleaning up the fallout from a wide-reaching ransomware attack since February.
  • Last month, Wired reported that the company appeared to have paid the BlackCat ransomware group a hefty $22 million to prevent a data leak and unlock its systems.

Zoom in: In a post Monday evening, RansomHub said it possesses more than 4 terabytes of data stolen during the Change Healthcare attack.

  • RansomHub claims to have medical records, payments information, patients' Social Security numbers and details about accounts with various Change customers.
  • Screenshots show the group could have data like a patient's specific hospital bill, including procedure codes, and details about payments made to Medicare accounts.

Between the lines: It's common for ransomware gangs to post intimidating messages on their dark web sites to force a company to make a ransom payment.

What they're saying: "Our investigation remains active and ongoing," a Change Healthcare spokesperson told Wired on Friday. "There is no evidence of any new cyber incident at Change Healthcare."

  • A spokesperson for Change Healthcare did not immediately respond to Axios' request for comment on Monday.

What's next: RansomHub claims it won't leak the full trove of data if it receives a payment by Friday.

Reality check: Ransomware gangs are known to break their promises.
