Change Healthcare, a subsidiary under the UnitedHealth Group umbrella, is facing renewed threats of extortion barely a month after succumbing to ransom demands to safeguard data stolen during a ransomware attack in February 2024.

This malicious attack, orchestrated by the ALPHV/BlackCat ransomware gang, disrupted healthcare operations across the USA, compromising sensitive data, including personal and financial records.

In the aftermath of the attack, the BlackCat group claimed accountability but soon shuttered operations following a raid by the FBI.

dig.watch ALPHV/BlackCat ransomware gang claims cyberattack on Change Healthcare The gang is saying that it stole 6TB of data in the attack. 29 Feb 2024 dig.watch ALPHV/BlackCat ransomware gang claims cyberattack on Change Healthcare The gang is saying that it stole 6TB of data in the attack. 29 Feb 2024

Now, a new ransomware entity, known as RansomHub, has emerged, claiming that it has stolen data and threatening to expose it unless another ransom is met.

Image credit: DarkWebInformer's X account.

RansomHub, which surfaced in February 2024, has former affiliates of BlackCat among its ranks, potentially shedding light on how they managed to access Change Healthcare's data.

Despite speculation about RansomHub's connections to BlackCat, SOCRadar has suggested they may be distinct entities, with RansomHub's inception predating BlackCat's dissolution.