Hey everyone, I'm Drex and this is the two and a half minute drill. We do at least three security stories at least two times a week, all part of one great community, the 229 cyber and RISC community here at This Week Health. I try to make this a mostly English, mostly non technical update that makes it easier to share with everyone in your organization.
So here's some stuff you might want to know about. Earlier this week I reported that the cyber criminals who did the smash and grab at Change Healthcare decided to steal the whole ransom payment and keep it for themselves and not pay anything to the ransomware as a service affiliate who probably actually did all the hard work.
Well it turns out that Not only did paying the ransom not fix the problem for change, the ransomware as a service affiliate, think of them as the junior partner in this whole smash and grab, now claims to have terabytes of data from change and they're threatening to publish it for sale on dark web data leak sites.
If the senior partner in this whole drama, the cyber gang known as Black Cat or ALFV, doesn't return the Bitcoin it apparently stole from the junior partner's account. For their part, Black Cat's cyber thugs tried to make it look like law enforcement took down their site, but I'm not buying it. If law enforcement had taken down the site, they'd be taking credit for it.
By the way, Bitcoin is at an all time high again. So, it's likely Black Cat just wanted to make one more big haul, burn the affiliate bridges, scuttle their own Black Cat Alpha V brand, which is all worn out now. They'll probably take a nice stolen Bitcoin vacation. to some country that doesn't have a U. S.
extradition treaty. But what you can bet on is that they'll be back, rebranded, ready to break more stuff, probably in just a few months. It feels like I'm watching an episode of Real Housewives of the Dark Web and Andy Cohen has been asking some really hard questions and unfortunately changed healthcare and in turn you and our patients and families are the ones stuck in the middle seat on the couch.
Sorry. And now, of course, lawsuits. If Ransomware came with a label on the side of the box listing side effects, the first side effect would probably be lawsuits. Expect that patients and organizations who lost data and basically every customer of Change Healthcare will probably line up in some kind of a lawsuit in the, in the very near future.
In the meantime, the Feds have said they're considering accelerating Medicare payments on a case by case basis to those organizations that are struggling from the changed cyber event. Uh, the devil's in the details, as always, but healthcare orgs who didn't have a lot of day's cash on hand and struggle to make ends meet even in the best of times, I don't know, maybe this'll help.
And finally, UnitedHealth Group says that it expects change to be fully restored by mid March. Some systems are up and running now, from what I'm told, and mid March is like Next week, there's so much going on in cyber right now. I dropped the stories here and a bunch more at thisweekhealth. com slash news.
Go there and read and learn and share. And I'm headed to HIMSS in a couple of days. I'd love to catch up with you in person. Drop me a note at drex at thisweekhealth. com and check out the 229 cyber and risk community at thisweekhealth. com slash security. Please like and share this post and tag your friends because they need to know what's going on too.
I'm Drex. That's the two and a half minute drill. Stay paranoid. I'll see you around hymns next week.