Change Healthcare confirms ALPHV/BlackCat cyberattack
United Healthcare has confirmed that the ongoing cybersecurity incident impacting their subsidiary Change Healthcare has been brought on by cybercrime groups BlackCat or ALPHV.
“Our experts are working to address the matter, and we are working closely with law enforcement and leading third-party consultants Mandiant and Palo Alto Networks on this attack against Change Healthcare’s systems,” United Healthcare shared in a statement. “We are actively working to understand the impact to members, patients and customers.”
The cybergroups revealed themselves as the culprit in a now-deleted post on their darknet website, Reuters first reported. In the post, they said they stole 8 terabytes of data containing sensitive information from UnitedHealth Group, Medicare, Tricare, and CVS.
CVS said in a statement that, “Change Healthcare has not confirmed whether any CVS Health member or patient information that it holds, including CVS Caremark information, was impacted by this incident.”
Pharmacies across the country have shut down in response to the cyber incident and are unable to bill insurance without Change Healthcare’s claims processing technology up and running. Many are creating workarounds to be able to continue providing medications and services to patients, but pharmacies nationwide are facing “significant backlogs of prescriptions they are unable to process,” according to a statement from the American Pharmacists Association.
“Based on our ongoing investigation, there’s no indication that Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue,” United Healthcare said in their statement.
CISA successfully disrupted an ALPHV/BlackCat ransomware strain in December of 2023 by creating and sharing a decryption tool with victims.
CISA updated their #StopRansomware guidance on February 27 in response to the Change Healthcare attack.
Change Healthcare has been down for 12 days now and its unknown when they will resume operations normally.
“We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action,” said United Healthcare in their statement.