BlackCat is back, claims theft of 6TB of Change Healthcare data

What’s known as of Thursday 29 February (Leap Day) about the Change Healthcare cyberattack:

  • Change and Optum have attributed it to BlackCat/ALPHV as of today. From Becker’s HealthIT: “Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” an Optum spokesperson emailed Becker’s on Feb. 29. “We are actively working to understand the impact to members, patients and customers.”
  • BlackCat is claiming it stole 6 terabytes (TB) of data in the breach. From Bleeping Computer 28 Feb:

BlackCat said that they allegedly stole 6TB of data from Change Healthcare’s network belonging to “thousands of healthcare providers, insurance providers, pharmacies, etc.”

The ransomware gang claims that they stole source code for Change Healthcare solutions and sensitive information belonging to many partners, including the U.S. military’s Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and tens of other healthcare insurance providers.

Per BlackCat’s claims, the sensitive data stolen from Change Healthcare contains a wide range of information on millions of people, including their:

  • medical records
  • insurance records
  • dental records
  • payments information
  • claims information
  • patients’ PII data (i.e., phone numbers, addresses, social security numbers, email addresses, and more)
  • active U.S. military/navy personnel PII data

Tyler Mason, UnitedHealth Group VP, had earlier stated to Bleeping Computer that 90% of the 70,000+ affected pharmacies switched to new electronic claims procedures to avoid the Change Healthcare issues.

While this cybertheft appears breathtaking in its scope, and a perfect revenge as a “dish best eaten cold” for the December takedown of BlackCat’s websites, the amount and type of data claimed may be exaggerated for purposes of negotiating a rich settlement. As of today, BlackCat has not offered a number for ransom. This theft may be worth far more to BlackCat in selling the data to other cybercriminals in Russia, Eastern Europe, and China than in demanding a ransom from UHG/Optum, which may decide to rebuild systems rather than pay up [TTA 27 Feb].
