From Ars Technica, by Andy Greenberg and Matt Burgess:
Change Healthcare, a prominent healthcare company in the U.S., has been embroiled in a significant ransomware debacle, initially victimized by the group AlphV, which encrypted the company’s network and received a $22 million ransom payment. Now, a new ransomware group, RansomHub, claims to possess 4 terabytes of Change Healthcare’s stolen data and is demanding its own ransom. While the origins of RansomHub’s data are unclear, security analysts suggest that the threat may be legitimate. This situation highlights the risk of re-extortion in ransomware attacks and the untrustworthiness of cybercriminals, even after ransoms are paid. The ongoing attack has caused severe disruptions across U.S. medical practices, with 80% of clinicians reporting revenue loss and many facing potential bankruptcy.