Your Data For Sale On The DarkWeb: Thanks to UnitedHealth Group
"I think [it's] important for the country that we own Change Healthcare."
Well, it’s happened. Per reporting in Becker’s Hospital Review, the nightmare scenario has begun:
Your protected health information is being sold by RansomHub criminals for profit.
To review:
Change Healthcare was acquired by UnitedHealth Group’s Optum subsidiary.
Blackcat/ALPHV’s contractors broke into Change Healthcare and executed a ransom for $22m in BTC.
Blackcat/ALPHV took the money, and disappeared. They stiffed their contractors who did the hacking work.
Other hackers (who may or may not be the same as the above hackers) reported having the data—nearly 4TB—including 1/3rd of Americans’ most personal information.
This cohort, who go by RansomHub, threatened to disclose this information if they weren’t paid another ransom.
They weren’t paid another ransom.
Now, they are selling our most sensitive health and personal information to other malicious criminals for profit:
"The information being published by RansomHub is pretty convincing, with screenshots of legal documents (trader partner agreements), bills for services to providers, Medicare claim information (which includes sensitive PII), payment information, and more," Sean McNee, PhD, vice president of research and data at DomainTools, told SC Media. "The variety of data being leaked indicates that the data dump was not limited to one or a few systems. Indeed, if this data and more becomes fully leaked, it could be devastating to the individuals affected."
RansomHub says it obtained information from several major payers in the hack, and the payers can contact the gang — likely to negotiate ransom payments — if they want to prevent the data from being leaked or sold, according to the screenshots.
"Change Health and United Health processing of sensitive data for all of these companies is just something unbelievable," the hackers wrote, per the screenshots. "For most US individuals out there doubting us, we probably have your personal data."
And most upsettingly:
Among the information RansomHub leaked includes "a hospital record for a 74-year-old woman in Tampa, Fla., and part of a database record related to U.S. military service members' healthcare," Wired reported April 16.
The CEO of United—who dumped $89m in shares after a DOJ probe notice but before this clusterf*fk—had the following to say:
"I think [it's] important for the country that we own Change Healthcare."
"This attack would likely still have happened and it would have left Change Healthcare, I think, extremely challenged to come back," Mr. Witty said on the call, according to an April 16 transcript from Motley Fool. "Because it was a part of UnitedHealth Group, we've been able to bring it back. We're going to bring it back much stronger than it was before."
I don't imagine he feels that this means United should be held accountable…but I hope, as a public, we recall who had the duty to safeguard this information—and their failure.
When you've got monopoly power, you're crisis-proof…
In fact, this was the best financial quarter for UnitedHealth (UNH) with a historic high quarterly revenue of almost $100 billion.
A reminder:
1. This quarter, UNH has experienced not one, but two unprecedented cyber attacks on its Change Healthcare payment system.
2. The Department of Justice (DOJ) filed an antitrust lawsuit against UNH.
3. The UNH executives were accused of insider trading by selling over $100 million worth of UNH stock before the DOJ announcement was made public.