x
Breaking News
More () »

What we know about reported healthcare hack ransom payment

The speculated $22 million ransom payment involving Change Healthcare would be the second-highest ransom payment in U.S. history if confirmed.

MINNEAPOLIS — Less than two weeks ago, Change Healthcare, a subsidiary of UnitedHealthcare, was hacked.

The company has confirmed the hack publicly.

A recently released statement says, “We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action.”

The company says it appears a ransomware group called ALPHV/Blackcat has claimed responsibility for the attack.

The hackers claimed to have stolen six terabytes worth of medical information.

The hack has caused all kinds of problems for hospitals and pharmacies that can’t get paid, and patients who couldn’t get their prescription medications.

And now, Wired, a science and technology media company, reports UnitedHealthcare may have paid the hackers a $22 million ransom payment.

The article claims $22 million worth of Bitcoin was sent to a known hacker group called AlphV on March 1. The article cites experts and a hacker who believe this payment was a ransom paid by UnitedHealthcare.

KARE 11 reached out to UnitedHealthcare to try and confirm this information and a company spokesperson sent this statement in reply, “We are focused on the investigation and restoring operations at Change.”

So, no confirmation, but the company also isn't disputing the claims, either.

If this payment really happened, cybersecurity experts say it could be one of the largest payouts in history.

Bryce Austin with TCE Strategy recently sat down with KARE 11 News reporter Gordon Severson to talk about the growing problem of ransomware attacks.

GORDON SEVERSON: “Where does this possible ransom payment rank among others? If this $22 million payment is confirmed, is it the largest amount a company has paid?”

BRYCE AUSTIN: “There’s a good possibility we are seeing the second-largest known ransomware payout in history.”

GORDON: “What is number one?”

BRYCE: “Number one was CNA Financial. The company paid $40 million. To my knowledge, that is the largest payout that has been publicly disclosed.”

GORDON: “How often do these companies end up paying the ransom?

BRYCE: “Getting this information is challenging because most companies don’t talk about it. We saw a wonderful example of a company paying versus not paying last year in Las Vegas where both Caesar's and MGM got hit by the same group and almost at the same time.

MGM decided not to pay and kudos to them, but they have openly said the disruption has cost them over $100 million in lost revenue. Caesar's chose to pay, but they paid $15 million instead of $100 million.”

GORDON: “Why do companies pay? When you are in these situations with your clients, what goes into these decisions on whether or not to pay a ransom?”

BRYCE: “The key is whether or not a company has offline backups of their data. The difficulty comes in when there isn’t an option other than shutting your doors when you have a ransomware attack. 

My company has worked a ransomware engagement where the initial demand was $8 million, and regrettably, the payout was more than $1 million. 

My company has worked instances where we had 800 jobs on the line and as distasteful as paying a ransom is, there’s a reasonable argument to be made that having 800 people out of work is even more distasteful.”

GORDON: “Is it possible there could be other payments out there that just haven’t been made public yet?”

BRYCE: “Oh, absolutely. most companies do not want to advertise that they have fallen victim to this kind of attack.”

GORDON: “Do these payouts create a concern that it is encouraging more of this behavior?”

BRYCE: “If every company refused to pay flatly, the issue of ransom would go away. When a cybercriminal gets their hooks into your company where the choice is to pay the ransom or shut your doors, the reality of the situation gets a lot more complicated.”

GORDON: “Could this just be the tip of the iceberg that in the years to come those payouts could just continue to get bigger?”

BRYCE: “It was common to see ransomware in the tens of thousands of dollars five years ago. In the hundreds of thousands of dollars two years ago, and now the million and multimillion is becoming more and more common.”

GORDON: “Another concern is these millions of dollars we don’t know where that’s going or what that’s being used for.”

BRYCE: “It is very much a concern. In this case the BlackCat or AlphV ransomware group is widely attributed to Russian organized crime, so the odds this is going to Russian organized crime is extremely high. That is a problem.

We have an adversarial relationship with Russia and when you have a country that is encouraging these kinds of groups to go after large companies, it’s a big problem.”

WATCH MORE ON KARE 11+

Download the free KARE 11+ app for Roku, Fire TV, Apple TV and other smart TV platforms to watch more from KARE 11 anytime! The KARE 11+ app includes live streams of all of KARE 11's newscasts. You'll also find on-demand replays of newscasts; the latest from KARE 11 Investigates, Breaking the News and the Land of 10,000 Stories; exclusive programs like Verify and HeartThreads; and Minnesota sports talk from our partners at Locked On Minnesota. 

Watch more Breaking The News:

Watch all of the latest stories from Breaking The News in our YouTube playlist:

Before You Leave, Check This Out