An ongoing cyberattack at U.S. health tech giant Change Healthcare has caused outages and disruption to hospitals and pharmacies across the U.S. The attack, which has lasted for the past week, has been attributed to ransomware, according to a healthcare executive briefed by the company’s executives.
Key Takeaway
A ransomware attack attributed to the BlackCat group has caused widespread outages at U.S. hospitals and pharmacies, impacting the processing of prescriptions and patient records.
Ransomware Attack Linked to BlackCat Group
The cyberattack has been linked to the BlackCat ransomware group, as reported by Reuters, citing sources familiar with the incident. Change Healthcare has not publicly commented on the attribution of the cyberattack. The BlackCat group, also called ALPHV, is known for its ransomware and extortion tactics, which often involve stealing a victim’s data before encrypting it and demanding a ransom for the decryption key.
Potential Data Breach and Impact
It is not yet known whether patient data was stolen in the ransomware attack. The cyberattack has caused widespread outages at pharmacies and healthcare facilities, impacting the processing of prescriptions through patients’ insurance. The American Hospital Association has advised its members to consider disconnecting from Optum, the parent company of Change Healthcare, until it is independently deemed safe to reconnect.
UnitedHealth Group’s Response
UnitedHealth Group, the parent company of Change Healthcare, identified a “suspected nation-state” threat actor in its systems but did not attribute the cyberattack to a specific government or state. The accuracy of this attribution remains unclear, as cybersecurity researchers have not previously linked the BlackCat gang to a nation-state or government.