Round 2: Change Healthcare Targeted in Second Ransomware Attack

RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.

Change Healthcare reportedly is facing another attack, this time by ransomware gang RansomHub, just weeks after it became a victim in an
ALPHV/BlackCat cyberattack
.
RansomHub is demanding an extortion payment for an alleged 4TB of data it stole from the company; otherwise, its threatening to sell the data to the highest bidder in 12 days.
The stolen information contains the sensitive data of US military personnel and patients, as well as medical records and financial information, among other things.
Change Healthcare and United Health, you have one chance in protecting your clients data,
RansomHub
reportedly said. The data has not been leaked anywhere and any decent threat intelligence would confirm that the data has not been shared nor posted.
This puts Change Healthcare, a subsidiary of United Healthcare, in what likely is a difficult position in having to decide whether or not paying the ransom is its best option when it has only just gotten back on its feet from the last attack.
According to Malachi Walker, security adviser at DomainTools,
whose team has been following ALPHV/BlackCats activity
, this new information supports a few theories that our team has suggested; but no matter the case, its unfortunate that Change Healthcare is caught in the middle of this conflict between two rival gangs, he said in an emailed statement.
Even if not connected to BlackCat, RansomHub could be claiming ties to their victims to scare them into making a payment, he added. There is a vast underground economy booming around the ransomware scene today where affiliate programs recruit on hacker forums, initial access brokers sell footholds into organizational networks, and ransomware groups collaborate to share information.
Though there is significant speculation regarding whether ALPHV rebranded to RansomHub, or if there is any connection at all, Walker said there is no confirmation, as its too early to tell.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Round 2: Change Healthcare Targeted in Second Ransomware Attack