us health insurance Major UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare that continues to disrupt hospitals and pharmacies across the United States.
“Change Healthcare can confirm that we are experiencing a cybersecurity issue caused by a cybercrime threat actor masquerading as ALPHV/Blackcat,” UnitedHealth Vice President Tyler Mason said in a statement to TechCrunch on Thursday. .
“Our experts are working to address this issue and are working closely with law enforcement and our key third-party consultants, Mandiant and Palo Alto Networks.[s], regarding this latest attack on Change Healthcare's systems. We are actively working to understand the impact on our members, patients and customers,” the spokesperson said.
“Based on our ongoing investigation, there is no indication that any Optum, UnitedHealthcare, or UnitedHealth Group systems, other than the Change Healthcare system, were affected by this issue.”
In a post on a dark web leak site on Wednesday, ALPHV/BlackCat claimed responsibility for the cyberattack on Change Healthcare. A Russia-based ransomware and extortion criminal organization claimed to have stolen the sensitive health and patient information of millions of Americans. A ransomware gang usually publishes the victim's name on his dark web leak site as a means of forcing the victim to pay the ransom demand.
ALPHV/BlackCat's claims could not be immediately verified. ALPHV deleted posts claiming responsibility, which in some cases indicated that victims were negotiating with the hackers. UHG spokesperson Mason did not immediately respond to a request for comment asking whether the company had paid the ransom or was negotiating with the hackers.
TechCrunch reported on Monday that the ongoing cyberattack is related to ransomware, which was first reported by Reuters.
Change Healthcare, a subsidiary of UHG, is a health tech giant and one of the largest prescription drug processors in the United States, processing claims for more than 67,000 pharmacies across the U.S. health care system. According to the healthcare technology giant's website, the company processes 15 billion medical transactions annually, which equates to about one in every three patient records in the United States.
Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the nation's largest health insurer. The merger gives Optum extensive access to Change Healthcare's patient records.
In total, UnitedHealth Group provides benefit plans to more than 53 million customers in the U.S. and an additional 5 million customers outside the U.S., according to its latest full-year earnings report. . Optum serves approximately 103 million customers in the United States.
The cyber attack began in the early hours of February 21 on the East Coast of the United States, causing widespread outages at pharmacies and medical facilities. Change Healthcare said it took many of its systems offline to remove the hacker from its systems.
Change Healthcare's incident tracker page shows that most of its customer-facing systems remain offline.
Hospitals, health care providers, and pharmacies are reporting an inability to fulfill or process prescriptions using patients' insurance. Tricare, the U.S. military health insurance company, said in a statement this week that the cyber attack on Change Healthcare “impacts all military pharmacies worldwide and some retail pharmacies domestically.”
UnitedHealth previously attributed the cyberattack to an unspecified nation-state actor. Researchers have not yet determined any links between the ALPHV/BlackCat group and the government.
It is not yet clear how the hackers gained access to Change Healthcare's systems. Patrick Beggs, ConnectWise's chief information security officer, denied in an interview with TechCrunch on Thursday that recent vulnerabilities in his company's products were unrelated to the Change Healthcare cyberattack.
“We have no indication that all of our subsidiaries, including United, all the way up to Change Healthcare, have a record of (managed service providers supporting them, or that they themselves have ScreenConnect installed in their infrastructure).” No,” Beggs told TechCrunch.[managedserviceprovidersupportingthemorthemthemselveshavingScreenConnectinstalledontheirinfrastructure”BeggstoldTechCrunch[managedserviceprovidersupportingthemorthemthemselveshavingScreenConnectinstalledontheirinfrastructure”BeggstoldTechCrunch
This is a developing story…more on that later.