Risk & Repeat: Change Healthcare's bad ransomware bet

Change Healthcare confirmed it paid hefty ransom to the threat actors behind the recent cyber attack, but even this was not enough to protect patient data.

On Feb. 21, Change Healthcare disclosed that it fell victim to a ransomware attack, which caused massive disruptions to company's healthcare payment management platform. The Alphv/BlackCat gang, a prolific ransomware-as-a-service operation, quickly claimed responsibility for an attack.

Alphv/BlackCat eventually made a presumed exit scam in early March, making off with a $22 million ransomware payment that researchers connected to Change Healthcare. However, UnitedHealth Group, which owns Change Healthcare, did not confirm it paid a ransom until the company issued statements to news outlets this week. Wired first reported the $22 million figure last month.

But despite Change Healthcare's payment to the Alphv/BlackCat gang, a second ransomware gang known as RansomHub claimed it obtained Change Healthcare data this month. RansomHub, which began leaking the data, claimed to have extremely sensitive information from Change Healthcare customers including patient medical records and personally identifiable information.

On this episode of the Risk & Repeat podcast, TechTarget Editorial editors Rob Wright and Alex Culafi discuss the ransomware attack against Change Healthcare and the value, or lack thereof, that often comes with paying the ransom.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial. Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team. He drives breaking infosec news and trends coverage. Have a tip? Email him.