Data Breach Drama: Change Healthcare Faces HHS Probe Amidst Alleged 6TB Ransomware Heist

Change Healthcare’s got a new headache: a probe into 6 TB of ‘oops’ by ALPHV ransomware. They’re sifting through the cyber-debris, while OCR sharpens its pencils. Stay tuned for the legal circus with lawsuits multiplying like bunnies. It’s compliance crunch time, folks!

Hot Take:

It’s like Change Healthcare got served a data breach buffet, and the ALPHV ransomware group brought the appetite for destruction. But instead of a mint on the pillow, they left a 6 TB-sized headache and a side of legal drama—with the HHS OCR as the uninvited dinner guest that’s now poking around in the kitchen.

Key Points:

  • HHS OCR has launched an investigation into Change Healthcare over a massive 6 TB data theft by the ALPHV ransomware group.
  • The cyberattack disrupted critical healthcare functions across thousands of US pharmacies and hospitals.
  • ALPHV, now defunct after an exit scam, claimed they nabbed data affecting health insurers, medical providers, and possibly active US military personnel.
  • Change Healthcare is on the mend, reviving services and processing claims at near pre-attack levels, despite not all pharmacies being back online.
  • Legal woes stack up as at least six class action lawsuits have been filed, with a motion to consolidate them to streamline the impending judicial jamboree.

Need to know more?


Change Healthcare is like the Phoenix rising from the ransomware ashes, gradually bringing back services after the ALPHV group's dining-and-dashing incident. The company, which apparently has a more effective revival strategy than my last houseplant, is back to processing claims like a champ. Their parent company, UnitedHealth Group, along with some cyber-sleuthing buddies from Mandiant and Palo Alto Networks, are on the case, trying to figure out how the attackers pulled off their party trick—without actually spilling the beans on what they found.


Meanwhile, Change Healthcare might need to change its name to "Change Legal Strategy" as it faces a barrage of class action lawsuits. A whopping six of these have been lobbed at the company faster than a tennis ball machine on overdrive. There's a motion in the works to bundle these litigious fireworks into one big legal bonfire, presumably to save on marshmallows (and legal fees). With lawsuits popping up in both Nashville and Minnesota, it's like a legal battle roadshow—no tickets necessary.


And let's not forget the HHS OCR, who's basically the neighbor who smells something burning and decides it's time for a wellness check. They've got their magnifying glass out, ready to scrutinize Change Healthcare's data protection practices. The OCR's letter to Change Healthcare is like a hall monitor's note: part "we're here to help" and part "don't make us come back there." It's a friendly reminder that when it comes to protecting health information, it's better to be safe than sorry—or in this case, safe than sued.


On a final note, with ALPHV's websites now as defunct as a Betamax player, the stolen data won't be making a public appearance there. But rest assured, cybersecurity defenders are on a digital scavenger hunt through the murky depths of the internet, trying to make sure this data doesn't pop up in the cyber equivalent of a sketchy flea market. And as we've learned from past ransomware soap operas, these crooks have a harder time letting go of data than I do my old concert T-shirts.

So, there you have it: hospitals and pharmacies are picking up the pieces, Change Healthcare is dusting off its servers, and the OCR is rolling up its sleeves. As for ALPHV, they've taken their final bow on the ransomware stage, exiting stage left with a Bitcoin-packed wallet and a legacy of digital mayhem. Curtain down, folks.

Tags: ALPHV Ransomware Group, data protection compliance, Forensic Analysis, Health Insurance Portability and Accountability Act, Healthcare Data Breach, Healthcare IT, ransomware payment