American health insurance giant UnitedHealth Group has confirmed that a ransomware attack on its health technology subsidiary Change Healthcare continues to plague hospitals and pharmacies across the United States.
“Change Healthcare can confirm that we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor posing as ALPHV/Blackcat,” Tyler Mason, vice president of UnitedHealth, said in a statement to TechCrunch on Thursday.
“Our experts are working to address the issue and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network[s], in this attack on Change Healthcare’s systems. We are actively working to understand the impact on members, patients and customers,” the spokesperson said.
“Based on our ongoing investigation, there is no indication that other than the Change Healthcare systems, the Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.”
In a post on its dark web leak site on Wednesday, ALPHV/BlackCat took credit for the cyberattack on Change Healthcare. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans' sensitive health and patient information. Ransomware gangs usually publish the names of their victims on their dark web leak sites, often as a way to extort victims into paying a ransom demand.
The ALPHV/BlackCat claims could not be immediately verified. ALPHV took down the post claiming responsibility, which is sometimes an indication that the victim is negotiating with the hackers. Mason, the UHG spokesman, did not respond to a request for comment asking whether the company paid a ransom or is in negotiations with the hackers.
TechCrunch confirmed on Monday that the ongoing cyberattack was linked to ransomware. Reuters first reported the news.
UHG’s subsidiary Change Healthcare is a health technology giant and one of the nation’s largest producers of prescription drugs, handling billing for more than 67,000 pharmacies across the US healthcare system. The health care tech giant’s website says it handles 15 billion health care transactions annually — or about one in three U.S. patient records.
Change Healthcare merged with US health care provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the largest health insurance provider in the United States. The merger gave Optum broad access to patient records managed by Change Healthcare.
UnitedHealth Group collectively provides benefit plans to more than 53 million customers in the U.S. and another five million outside the United States, according to its latest full-year earnings report. Optum serves approximately 103 million customers in the US.
Pharmacy outages halt prescriptions
The cyberattack began early on February 21 on the US East Coast, causing widespread outages at pharmacies and healthcare facilities. Change Healthcare said it took many of its systems offline to flush the hackers out of its network.
Change Healthcare's incident tracking page shows that most of its client-facing systems remain offline.
Hospitals, health care providers and pharmacies across the United States have reported that they are unable to fill or process prescriptions through patients’ insurance.
Nebraska TV outlet KLKN-TV reports that the majority of Nebraska hospitals are unable to verify patient insurance for hospital stays, provide accurate cost estimates, or process patient billing as a result of the ongoing Change Healthcare cyberattack.
US military health insurance provider Tricare said in a statement this week that the cyberattack on Change Healthcare “affects all military pharmacies worldwide and some retail pharmacies nationwide.”
UnitedHealth previously attributed the cyberattack to an unspecified nation-state actor. Investigators have yet to determine the relationship between the ALPHV/BlackCat group and a government.
“The ransomware problem has been getting worse for years. If governments don’t get it under control quickly, critical services will continue to be disrupted, with potentially catastrophic consequences,” Brett Callow, ransomware expert and threat analyst at Emsisoft, told TechCrunch.
It is not yet clear how the hackers gained access to Change Healthcare’s systems. In an interview with TechCrunch on Thursday, ConnectWise chief information security officer Patrick Beggs ruled out a recent vulnerability in his company’s products as the cause of the Change Healthcare cyberattack.
“With all the subsidiaries, including United up to Change Healthcare, we have no record or no indication [of a] managed service provider supporting them, or them themselves having ScreenConnect installed on their infrastructure,” Beggs told TechCrunch.
UnitedHealth made $22 billion in profit during 2023, according to its full-year earnings filed in January. According to the company’s most recent report on executive pay, UnitedHealth’s chief executive Andrew Witty received close to $21 million in total compensation during the previous fiscal year.
TechCrunch’s Carly Page contributed reporting.
Do you work at Change Healthcare, Optum or UnitedHealth and know more about the cyberattack? Get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
