Change Healthcare, a health technology company of UnitedHealth Group, has announced that it has fallen victim to a ransomware attack. This event is still causing disruptions in hospitals and pharmacies across the United States. Change Healthcare is the leading payment exchange platform, trusted by over 70,000 pharmacies nationwide. On a global scale, UnitedHealth Group (UHG) is the world’s largest healthcare firm, employing 440,000 people worldwide.
The BlackCat ransomware group has confirmed executing a malicious attack on Optum, a UnitedHealth Group (UHG) company. This malicious activity has caused continuous service interruptions on the Change Healthcare platform.
UHG’s collaboration with 1.6 million physicians and care workers expands its reach to 8,000 hospitals and different care facilities, establishing a massive presence in the healthcare sector.
Change Healthcare and Optum, a US healthcare company, merged in 2022, signalling a significant change in the market. UnitedHealth Group, the largest health insurance company in the United States, managed the $7.8 billion deal.
BlackCat ransomware group reappeared, claiming a large-scale data breach, just one week after an unsuccessful law enforcement arrest. Their Tor-based leak site allegedly comprises stolen data from Change Healthcare. The scope of the data breach is unexpected, with the group promoting the obtaining of 6 terabytes of data.
The group claims that in addition to several types of information, the stolen data contains a variety of health record types, payment information, personally identifiable information, insurance records, and source codes. The attack apparently affected both citizens and individuals of the US military.
According to Blackcat group:
Being inside a production network one can imagine the amount of critical and sensitive data that can be found. The data relates to all Change Health clients that have sensitive data being processed by the company.
Change healthcare cyberattack disrupts pharmacies and hospitals, affecting millions
UnitedHealth Group verified that the attack was executed out by a cybercrime group in a regulatory report filed with the US Securities and Exchange Commission. However, the company did not disclose any information on the incident.
UnitedHealth Group mentioned:
On February 22, 2024, we disclosed the occurrence of a cybersecurity incident. We continue to investigate the extent of the incident, which we believe was committed by cybercrime threat actors.
The incident, which launched on February 21 and mostly affected the East Coast of the United States, caused significant disruptions at pharmacies and medical facilities. In order to remove the attackers from its infrastructure, Change Healthcare reported putting a sizable section of its systems down.
Optum issued a timely update on their dedicated status page, informing users that work is underway to restore and put impacted services back online. The statement highlighted that the current complications do not affect Optum, UnitedHealthcare, or UnitedHealth Group systems.
According to KLKN-TV, the majority of Nebraska hospitals are dealing with substantial issues as a result of Change Healthcare’s extending attack. These challenges include the inability to validate patient insurance for surgical procedures, provide accurate cost estimates, and promptly handle patient billing.
Tricare, the US military health insurance company, published a statement noting the breach at Change Healthcare, claiming that it affects all military pharmacies worldwide and several retail pharmacies nationwide.
Tyler Mason, Vice President at UnitedHealth Group, did not directly disclose BlackCat’s participation in the event. While the issues caused by Change Healthcare impacted a significant number of pharmacies, a positive development emerged this week. According to Mason, over 90% of the affected 70,000+ pharmacies have successfully transitioned to new electronic claim procedures.
The FBI, CISA, and the Department of Health and Human Services all issued a warning. They underline the special threat posed by Blackcat ransomware affiliates, which primarily target organisations in the United States healthcare sector.
The FBI has linked BlackCat to over 60 breaches during its first four months of operation. During this time, the group successfully collected more than $300 million in ransoms from a stunning 1,000 victims, a troubling trend that continued until September 2023.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.