UnitedHealth Confirms Ransomware in Change Healthcare Hack
UnitedHealth Group, a prominent American health insurance company, has officially acknowledged a ransomware attack on its health technology subsidiary, Change Healthcare. This incident is ongoing and is causing disruptions in hospitals and pharmacies throughout the United States.
Tyler Mason, Vice President at UnitedHealth, said on Thursday, “Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat. Our experts are working to address the matter, and we are collaborating closely with law enforcement and reputable third-party consultants, Mandiant and Palo Alto Networks, on this attack against Change Healthcare’s systems. We are actively striving to comprehend the impact on members, patients, and customers.”
“Through our continuous investigation, we have found no indication that aside from the Change Healthcare systems, Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected by this issue.”
On Wednesday, ALPHV/BlackCat asserted responsibility for the cyberattack on Change Healthcare through a post on its dark web leak site. The ransomware and extortion group, based in Russia, boasted about having pilfered extensive health and patient information from millions of Americans. It’s common for ransomware groups to disclose the identities of their victims on dark web leak sites, often as a tactic to pressure the victims into meeting their ransom demands.
The assertions made by ALPHV/BlackCat could not be promptly verified. Notably, ALPHV removed the post claiming responsibility, which is occasionally considered an indication that negotiations may be underway between the hackers and the victim. When questioned about whether the company has paid a ransom or is engaged in negotiations with the hackers, UHG spokesperson Mason did not provide an immediate response.
Change Healthcare, a subsidiary of UHG, is a health tech giant and ranks among the nation’s largest processors of prescription medications. It manages billing operations for over 67,000 pharmacies within the U.S. healthcare system. According to the company’s website, it processes 15 billion healthcare transactions each year, equivalent to approximately one-third of all U.S. patient records.
In 2022, Change Healthcare merged with U.S. healthcare provider Optum as part of a substantial $7.8 billion deal orchestrated under UnitedHealth Group, the largest health insurance provider in the United States. This merger facilitated Optum’s extensive access to patient records managed by Change Healthcare.
As indicated by its most recent full-year earnings report, UnitedHealth Group offers benefit plans to a cumulative total of over 53 million customers within the United States and an additional five million outside of the country. Optum, a part of UnitedHealth Group, serves approximately 103 million customers within the United States.
The cyberattack commenced on February 21, starting early on the U.S. East Coast, resulting in extensive outages at pharmacies and healthcare facilities. In response, Change Healthcare opted to take a significant portion of its systems offline as a strategic measure to expel the hackers from its network.
Change Healthcare’s incident tracker page reveals that the majority of its customer-facing systems continue to be offline. Hospitals, healthcare providers, and pharmacies have conveyed difficulties in fulfilling or processing prescriptions through patients’ insurance. Notably, U.S. military health insurance provider Tricare issued a statement this week stating that the cyberattack at Change Healthcare is adversely affecting all military pharmacies globally and some retail pharmacies nationally.
UnitedHealth had initially attributed the cyberattack to an unspecified nation-state actor. However, researchers have not yet established a connection between the ALPHV/BlackCat group and any specific government entity.
Brett Callow, a ransomware expert and threat analyst at Emsisoft, emphasized, “The ransomware problem has been escalating for years. If governments do not bring it under control swiftly, critical services will persistently face disruptions, potentially leading to catastrophic consequences.”
The method through which the hackers gained access to Change Healthcare’s systems remains unclear. In an interview on Thursday, Patrick Beggs, the Chief Information Security Officer at ConnectWise, stated that a recent vulnerability in his company’s products could be ruled out as the cause of the cyberattack at Change Healthcare.
“Including all subsidiaries from United down to Change Healthcare, there is no record or indication of any managed service provider supporting them or having ScreenConnect installed on their infrastructure,” stated the source.
UnitedHealth reported a profit of $22 billion for the year 2023, according to its full-year earnings filed in January. The company’s most recent executive pay report indicates that Andrew Witty, the Chief Executive of UnitedHealth, received nearly $21 million in total compensation during the previous fiscal year.