American medical insurance big UnitedHealth Group has confirmed a ransomware assault on its well being tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies throughout the USA.
“Change Healthcare can verify we’re experiencing a cyber security challenge perpetrated by a cybercrime menace actor who has represented itself to us as ALPHV/Blackcat,” mentioned Tyler Mason, vp at UnitedHealth, in an announcement to information.killnetswitch on Thursday.
“Our specialists are working to deal with the matter and we’re working intently with regulation enforcement and main third-party consultants, Mandiant and Palo Alto Community[s], on this assault towards Change Healthcare’s programs. We’re actively working to know the affect to members, sufferers and prospects,” the spokesperson mentioned.
“Primarily based on our ongoing investigation, there’s no indication that aside from the Change Healthcare programs, Optum, UnitedHealthcare and UnitedHealth Group programs have been affected by this challenge.”
In a submit on its darkish net leak web site on Wednesday, ALPHV/BlackCat took credit score for the cyberattack at Change Healthcare. The Russia-based ransomware and extortion gang claimed to have stolen tens of millions of People’ delicate well being and affected person data. Ransomware gangs sometimes publish the names of their victims to their darkish net leak websites usually as a option to extort the victims into paying a ransom demand.
ALPHV/BlackCat’s claims couldn’t be instantly verified. ALPHV took down the submit claiming duty, generally a sign that the sufferer is negotiating with the hackers. UHG spokesperson Mason didn’t instantly reply to a remark asking if the corporate paid a ransom or is in negotiations with the hackers.
information.killnetswitch reported on Monday that the continued cyberattack was linked to ransomware, which was first reported by Reuters.
UHG subsidiary Change Healthcare is a well being tech big and one of many nation’s largest processors of prescription drugs, dealing with billing for greater than 67,000 pharmacies throughout the U.S. healthcare system. The healthcare tech big’s web site says it handles 15 billion healthcare transactions yearly — or about one-in-three U.S. affected person data.
Change Healthcare merged with U.S. healthcare supplier Optum in 2022 as a part of a $7.8 billion deal below UnitedHealth Group, the most important medical insurance supplier in the USA. The merger allowed Optum broad entry to affected person data dealt with by Change Healthcare.
The cyberattack started on February 21 early on the U.S. East Coast, inflicting widespread outages at pharmacies and healthcare amenities. Change Healthcare mentioned it took a lot of its programs offline to expel the hackers from its programs.
Change Healthcare’s incident tracker web page exhibits most of its customer-facing programs stay offline.
Hospitals, healthcare suppliers and pharmacies have reported that they’re unable to satisfy or course of prescriptions by way of sufferers’ insurance coverage. U.S. navy medical insurance supplier Tricare mentioned in an announcement this week that the cyberattack at Change Healthcare is “impacting all navy pharmacies worldwide and a few retail pharmacies nationally.”
UnitedHealth beforehand attributed the cyberattack to an unspecified nation-state actor. Researchers have but to find out a hyperlink between the ALPHV/BlackCat group and a authorities.
“The ransomware downside has been getting worse for years. If governments don’t get it below management rapidly, essential providers will proceed to be disrupted, with doubtlessly catastrophic penalties,” mentioned Brett Callow, a ransomware professional and menace analyst at Emsisoft, advised information.killnetswitch.
It’s not but clear how the hackers gained entry to Change Healthcare’s programs. In an interview with information.killnetswitch on Thursday, ConnectWise chief data security officer Patrick Beggs dominated out a latest vulnerability in his firm’s merchandise as the reason for the cyberattack at Change Healthcare.
“With all of the subsidiaries together with United all the way in which all the way down to Change Healthcare, we now have no document or no indication of any [managed service supplier supporting them, or them themselves having ScreenConnect put in on their infrastructure,” Beggs advised information.killnetswitch.
Do you’re employed at Change Healthcare, Optum or UnitedHealth and know extra in regards to the cyberattack? Get in contact on Sign and WhatsApp at +1 646-755-8849, or by e mail. It’s also possible to ship recordsdata and paperwork through SecureDrop.
