Cyberattack Hits Change Healthcare Platform, BlackCat Ransomware Gang Claims Responsibility
A subsidiary of UnitedHealth Group (UHG), the Change Healthcare platform has suffered a significant outage, impacting more than 70,000 pharmacies across the United States. The BlackCat/ALPHV ransomware gang has stepped forward, claiming responsibility for the breach.
According to statements on their dark web leak site, BlackCat asserts that they have stolen a staggering 6TB of data from Change Healthcare’s network, affecting numerous healthcare providers, insurance companies, pharmacies, and more. Among the compromised data are sensitive records, including medical, insurance, and dental information, along with payment details and personal identification information (PII) of millions of individuals, including active U.S. military personnel.
The scope of the breach extends to partners of Change Healthcare, including prominent entities like the U.S. military’s Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and several other healthcare insurance providers.
Despite ongoing efforts by Optum to restore affected systems, the outage persists. UnitedHealth Group has confirmed that its systems remain unaffected by the incident. However, Optum, UnitedHealthcare, and UnitedHealth Group continue to work towards a resolution, with 90% of impacted pharmacies already transitioning to new electronic claim procedures.
While BlackCat denies allegations of exploiting a critical ScreenConnect authentication bypass flaw (CVE-2024-1709), concerns loom as the FBI, CISA, and the Department of Health and Human Services (HHS) warn of increased targeting of U.S. healthcare organizations by BlackCat affiliates. This surge in attacks follows operational action taken against the group’s infrastructure in December 2023.
The FBI’s previous investigations into BlackCat revealed over 60 breaches and a staggering $300 million in ransom payments from more than 1,000 victims until September 2023. To combat such threats, the U.S. State Department now offers up to $15 million for information leading to the identification or location of BlackCat gang leaders and associated individuals.
As cybersecurity threats continue to evolve, the healthcare sector faces mounting challenges in safeguarding sensitive data and maintaining operational continuity. Stay tuned for further updates as the investigation into this cyberattack unfolds.