The number of people affected by the Change Healthcare ransomware attack earlier in 2024 is now thought to have affected around 100 million people, new reports have confirmed.
The attack on Change Healthcare took place in February 2024, and is now thought to be the most disruptive ransomware attacks ever to strike the US healthcare industry after the US Department of Health and Human Services Office for Civil Rights updated the number on its data breach portal to 100 million.
“On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” the Office for Civil Rights stated on its FAQ page.
Snowflake and MFA
The attack saw an affiliate of the dreaded ALPHV ransomware organization (AKA BlackCat) breach Change Healthcare to steal 6TB of sensitive customer data.
The information stolen included health insurance information (health plans and policies, insurance companies, different ID numbers, Medicaid-Medicare-government payor ID numbers), health information (medical record numbers, diagnoses, tests and results, care and treatment data, medicines), billing, claims, and payment information (claim numbers, account numbers, payment cards, financial and banking information, and more), and other personally identifiable information (Social Security Numbers, driver’s license numbers, and more).
Change Healthcare ended up paying $22 million in ransom in exchange for the data. The money never made it to the affiliates responsible for the attack, and was instead grabbed by the ransomware’s operators (who were only to receive a portion of the payment), which later shut down its infrastructure and disappeared, leaving the affiliate holding the data.
That affiliate later started their own ransomware operation and are today known as RansomHub – and since RansomHub never posted the stolen data, many speculate that a second ransom may have been paid.
The cyberattack sent ripples throughout the healthcare system, preventing doctors and pharmacies from filing claims, and preventing pharmacies from accepting discount cards.
Via BleepingComputer