An ongoing cyberattack on US health tech giant Change Healthcare that caused outages at hospitals and pharmacies across the US last week was caused by ransomware, according to TechCrunch.
A healthcare executive with knowledge of the incident, who was on a call briefed by company executives, said the healthcare tech giant attributed the cyberattack to the BlackCat ransomware group.
Reuters first reported the news linking the cyberattack to BlackCat, citing two people familiar with the incident.
A representative for Change Healthcare did not immediately respond to a request for comment.
BlackCat, often referred to as ALPHV, has yet to publicly claim responsibility for the cyber attack. Ransomware and extortion gangs commonly publish portions of a victim’s stolen data to extort a ransom demand. Ransomware attacks typically scramble a victim’s files and demand a ransom to obtain the decryption key. Newer cyberattacks often involve cybercriminals stealing a victim’s data before encrypting it.
It is not yet known if patient data was stolen in the ransomware attack.
UnitedHealth Group (UHG), Change Healthcare’s parent company and the largest U.S. health insurance provider, said in a government regulatory filing last week that it detected a “suspicious nation-state” threat actor in its systems, but did not attribute the cyberattack to a specific government or state.
The accuracy of UHG’s cyberattack attribution remains unclear, as cybersecurity researchers have not previously linked the BlackCat gang to a nation-state or government.
Change Healthcare is an American healthcare technology giant and one of the nation’s largest prescription drug processors, handling prescriptions and billing for more than 67,000 pharmacies across the US healthcare system. The company handles 15 billion healthcare transactions annually — or about one in three U.S. patient records.
Change Healthcare merged with health care provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group. The deal allowed Optum broad access to patient records managed by Change Healthcare.
UnitedHealth Group collectively provides benefit plans to more than 53 million U.S. customers and another 5 million outside the United States, according to its latest full-year earnings report. Optum serves approximately 103 million customers in the US.
The Change Healthcare cyberattack began early on February 21st on the US East Coast, causing widespread outages at pharmacies and healthcare facilities. Change Healthcare said it took many of its systems offline to flush the hackers out of its systems.
Change Healthcare’s incident tracking page shows that almost all client-facing systems remain offline.
Hospitals, health care providers and pharmacies have reported being unable to fill or process prescriptions through patients’ insurance.
The American Hospital Association (AHA), which represents more than 5,000 hospitals and health care providers, told members in a statement last Friday to “consider disconnection from Optum until it is independently deemed safe to reconnect” and warned of “significant cascading and disruptive effects” caused by the cyberattack.
Columbia University, which runs one of New York’s largest hospitals, told staff on Friday to unplug all of its systems from UnitedHealth Group, Change Healthcare and Optum and blocked access to their email domains.
Tricare, the US military’s health insurance provider for active-duty military personnel, said in a statement that the cyberattack on Change Healthcare “affects all military pharmacies worldwide and some retail pharmacies nationwide.”
BlackCat/ALPHV has previously taken credit for cyberattacks targeting US healthcare giant Norton, news-sharing site Reddit and mortgage and loan giant Fidelity National Financial.