We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Change Healthcare Extorted by 2nd Ransomware Gang

Change Healthcare Extorted by 2nd Ransomware Gang
Author Image Husain Parvez
Husain Parvez Published on 11th April 2024 Cybersecurity Researcher

Change Healthcare, an affiliate of UnitedHealth Group, is once again grappling with a ransomware threat. This development follows a recent incident where UnitedHealth Group allegedly shelled out $22 million to the Alphv/BlackCat gang to resolve a previous ransomware attack, as detailed in an earlier report.

Despite this substantial payout, Change Healthcare has now attracted the attention of another ransomware gang, RansomHub. The group claims to hold the same 4TB of data (comprising personal, financial, and medical information of US military personnel and patients) that Alphv used to extort Change Healthcare previously.

The goal of RansomHub is to pressure Change Healthcare into paying a ransom to prevent the public release of the stolen data. “The data has not been leaked anywhere and any decent threat intelligence would confirm that the data has not been shared nor posted,” RansomHub reportedly asserted.

RansomHub seems to have gotten hold of the data after an affiliate of Alphv that achieved the initial intrusion into Change Healthcare’s network, wasn’t paid their cut of the paid ransom. Instead, it appears that Alphv may have taken the money and disappeared, under the guise of the leak site being “seized”. This narrative supposedly came to light from the affiliate themselves, posted in a Russian-language cybercrime forum.

If the above is true, it’s possible that the affiliate retained the data it stole and now switched allegiances to RansomHub in a second attempt to get ransom money. It’s also possible that this is a simple rebrand — RansomHub may be run by core members of the Alphv gang, though there is no conclusive evidence supporting this.

The ongoing cybersecurity challenges faced by Change Healthcare echo a broader trend in the healthcare sector. Pharma giant Cencora recently acknowledged a significant data breach, highlighting the sector's vulnerability to cyberattacks. This series of incidents underlines the urgent need for stronger cybersecurity measures across the healthcare industry, and showcases why paying out ransoms is generally not recommended.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.