Well, this is really disappointing news.
You might recall that Change Healthcare was pwned. That caused large amounts of disruption for healthcare providers. On top of that, the responsible party was apparently Black Cat/ALPHV who were in the Change Healthcare network for days before they launched the attack. But it gets worse from there. Word started to leak out that a ransom had been paid, and that payment caused some knock on effects within the group that pwned Change Healthcare. Specifically they started to fight amongst themselves to get a cut of the cash. On top of that, HHS launched an investigation into the hack. Which is not good news for Change Healthcare. With that out the way, let’s get to today’s news. Change Healthcare has actually admitted that they paid the ransom:
In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure,” the statement reads. The company’s belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would “cover a substantial proportion of people in America.”
Change Healthcare’s statement didn’t state the size of the ransom payment. In a hearing held by the US Senate’s Finance Committee on May 1, however, Andrew Witty, CEO of Change Healthcare parent company UnitedHealth Group, confirmed that the payment was $22 million.
Here’s the problem with this. Actually two of them:
- It encourages groups like these to continue to attack organizations because they are getting paid.
- With the infighting within Black Cat/ALPHV, it means that there isn’t any guarantee that whatever data they stole will get deleted.
So Change Healthcare might think that they have dealt with this by cutting a cheque, but I question if they really have. I wouldn’t be surprised if weeks or months from now it turns out that they haven’t given the current state of play.
Related
This entry was posted on May 6, 2024 at 1:38 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Change Healthcare Paid A Ransom To Deal With Being Pwned…. Maybe
Well, this is really disappointing news.
You might recall that Change Healthcare was pwned. That caused large amounts of disruption for healthcare providers. On top of that, the responsible party was apparently Black Cat/ALPHV who were in the Change Healthcare network for days before they launched the attack. But it gets worse from there. Word started to leak out that a ransom had been paid, and that payment caused some knock on effects within the group that pwned Change Healthcare. Specifically they started to fight amongst themselves to get a cut of the cash. On top of that, HHS launched an investigation into the hack. Which is not good news for Change Healthcare. With that out the way, let’s get to today’s news. Change Healthcare has actually admitted that they paid the ransom:
In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure,” the statement reads. The company’s belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would “cover a substantial proportion of people in America.”
Change Healthcare’s statement didn’t state the size of the ransom payment. In a hearing held by the US Senate’s Finance Committee on May 1, however, Andrew Witty, CEO of Change Healthcare parent company UnitedHealth Group, confirmed that the payment was $22 million.
Here’s the problem with this. Actually two of them:
So Change Healthcare might think that they have dealt with this by cutting a cheque, but I question if they really have. I wouldn’t be surprised if weeks or months from now it turns out that they haven’t given the current state of play.
Share this:
Like this:
Related
This entry was posted on May 6, 2024 at 1:38 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.