Change Healthcare Confirms Paying $22 Million Ransom to AlphV Hackers
In a long-awaited confirmation, Change Healthcare has acknowledged paying a staggering $22 million ransom to the notorious AlphV hackers. The payment, equivalent to 350 bitcoins, was made more than two months after the company fell victim to one of the worst ransomware attacks in cybersecurity history. The transaction was initially brought to light by a disgruntled AlphV partner on the Russian cybercriminal forum RAMP, who complained about not receiving their share of the payment.
Fueling Fears of Increased Targeting of Healthcare Companies
Cybersecurity experts, such as Jon DiMaggio from Analyst1, have expressed grave concerns that AlphV’s successful extortion of Change Healthcare will incentivize other ransomware gangs to target healthcare organizations. DiMaggio emphasized, “It 100 percent encourages other actors to target health care organizations. And it’s one of the industries we don’t want ransomware actors to target—especially when it affects hospitals.”
Costly Consequences for the US Healthcare System
The fallout from the Change Healthcare attack has been catastrophic for the US healthcare system. The company estimates that the incident will cost it between $75 million and $95 million in the near term, with projections surpassing a billion dollars in the long run. Shockingly, much of this damage occurred even after Change Healthcare had paid the exorbitant ransom, which was meant to secure a decryption key and prevent the leaking of stolen data.
A Vicious Cycle Fueled by Ransomware Payments
According to cryptocurrency tracing firm Chainalysis, ransomware victims paid hackers a staggering $1.6 billion in 2023 alone. While Change Healthcare’s $22 million payment may seem like a small fraction of this total, it both rewards AlphV for their highly damaging attacks and suggests to other ransomware groups that healthcare companies are particularly lucrative targets.
Double-Crossing in the Ransomware Underground
Adding to Change Healthcare’s woes, a second ransomware group, RansomHub, now claims to possess the company’s stolen data. This development stems from an apparent double-cross within the ransomware ecosystem, where AlphV allegedly faked its own law enforcement takedown to avoid sharing the ransom payment with its affiliates. RansomHub claims to have obtained the data from these disgruntled affiliates, who still seek payment for their work.
“If it gets leaked after they paid $22 million, it’s pretty much like setting that money on fire,” DiMaggio warned in March. “They’d have burned that money for nothing.”
The situation leaves Change Healthcare with little assurance that its compromised data won’t be further exploited, despite having paid one of the largest ransoms in history. The incident serves as a stark reminder of the ever-evolving threats posed by ransomware and the dire consequences faced by targeted organizations, particularly those in the healthcare sector.
5 Comments
Seems like Change Healthcare’s wallet took a hit only for their security to still be a joke; truly, a double whammy.
Paying up and still getting burned, where’s the justice in that?
Change Healthcare’s attempt to buy peace clearly bought them more trouble instead, what an ironic twist of fate!
Jack H. Parker: Looks like Change Healthcare’s strategy of “pay now, secure later” didn’t quite pan out, huh?
So Change Healthcare thought throwing money at hackers would fix it? Surprise, surprise.