Change Healthcare breach
There is evidence that the ransomware group behind the Change Healthcare breach, which has caused chaos for hospitals and pharmacies attempting to handle prescriptions, may have received $22 million from UnitedHealth Group.
Researchers studying security issues discovered a post made by an associate member claiming to be a member of the ALPHV/Blackcat ransomware group in a Russian forum used by cybercriminals. According to the member, Optum, a subsidiary of UnitedHealth Group, paid $22 million to obtain a decryption key and “prevent data leakage” to escape the continuous disruption at Change Healthcare, another UnitedHealth subsidiary.
After that, the forum post provides a link to a Bitcoin wallet that appears to have received 350 bitcoins. ALPHV, which mentions Recorded Future and TRM Labs as security companies, has also been linked to the same wallet.
$22 Million ransom?
Ironically, the affiliate member divulged claims that they were duped out of that $22 million by the administrators of ALPHV. The affiliate member continues, saying, “Be careful everyone, and stop dealing with ALPHV.” They claim to still have 4TB of Change Healthcare stolen data.
A representative for UnitedHealth Group stated, “All I can share is that we remain focused on the investigation and recovery of our operations,” in response to the alleged Bitcoin payment.
Content was cut in order to protect the source.Please visit the source for the rest of the article.