An ongoing cyberattack at U.S. well being tech large Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was attributable to ransomware, TechCrunch has realized.
A healthcare govt with data of the incident, who was on the decision briefed by the corporate’s executives, stated the healthcare tech large attributed the cyberattack to the BlackCat ransomware group.
Reuters first reported the news linking the cyberattack to BlackCat, citing two individuals aware of the incident.
A spokesperson for Change Healthcare didn’t instantly reply to a request for remark.
BlackCat, additionally sometimes called ALPHV, has not but publicly claimed accountability for the cyberattack. Ransomware and extortion gangs sometimes publish parts of a sufferer’s stolen knowledge to extort a ransom demand. Ransomware assaults sometimes scramble a sufferer’s recordsdata and demand a ransom to obtain the decryption key. Newer cyberattacks usually contain cybercriminals stealing a sufferer’s knowledge earlier than encrypting it.
It’s not but recognized if affected person knowledge was stolen within the ransomware assault.
UnitedHealth Group, the father or mother firm of Change Healthcare and the biggest U.S. medical health insurance supplier, stated in a authorities regulatory submitting final week that it identified a “suspected nation-state” threat actor in its systems, however didn’t attribute the cyberattack to a particular authorities or state.
The accuracy of UHG’s cyberattack attribution stays unclear, as cybersecurity researchers haven’t beforehand linked the BlackCat gang to a nation state or authorities.
Change Healthcare is an American healthcare tech large and one of many nation’s largest processors of prescription drugs, dealing with prescriptions and billing for greater than 67,000 pharmacies throughout the U.S. healthcare system. The healthcare tech large handles 15 billion healthcare transactions yearly — or about one-in-three U.S. affected person data.
Change Healthcare merged with healthcare supplier Optum in 2022 as a part of a $7.8 billion deal underneath UnitedHealth Group. The deal allowed Optum broad entry to affected person data dealt with by Change Healthcare.
UnitedHealth Group collectively supplies over 53 million U.S. clients with profit plans and one other 5 million outdoors of america, in response to its latest full-year earnings report. Optum serves about 103 million U.S. clients.
The cyberattack at Change Healthcare began on February 21 early on the U.S. East Coast, inflicting widespread outages at pharmacies and healthcare services. Change Healthcare stated it took a lot of its methods offline to expel the hackers from its methods.
Change Healthcare’s incident tracker page exhibits almost all of its customer-facing methods stay offline.
Hospitals, healthcare suppliers and pharmacies have reported that they’re unable to satisfy or course of prescriptions by sufferers’ insurance coverage.
The American Hospital Affiliation (AHA), which represents greater than 5,000 hospitals and healthcare suppliers, instructed its members in a notice last Friday to “consider disconnection from Optum until it is independently deemed safe to reconnect,” and warned of “significant cascading and disruptive effects” attributable to the cyberattack.
Columbia College, which runs certainly one of New York’s largest hospitals, instructed workers on Friday to disconnect all its systems from UnitedHealth Group, Change Healthcare and Optum and blocked entry to their electronic mail domains.
Tricare, the U.S. army’s medical health insurance supplier for lively army personnel, stated in a statement that the cyberattack at Change Healthcare is “impacting all military pharmacies worldwide and some retail pharmacies nationally.”
BlackCat/ALPHV have beforehand taken credit score for cyberattacks concentrating on U.S. healthcare giant Norton, news-sharing site Reddit, and mortgage and loan giant Fidelity National Financial.
Do you’re employed at LoanDepot and know extra in regards to the incident? You possibly can contact Zack Whittaker on Sign and WhatsApp at +1 646-755-8849, or by email. You can also contact us through SecureDrop.
