Change Healthcare, the pharmacy claims payment management arm of UnitedHealthcare, was hit with a ransomware attack just last week. The attack was believed to have been orchestrated by a hacker’s gang affiliated with the known group Blackcat (also known as ALPHV). Blackcat is the same group that hit Reddit, the casinos Caesars and MGM resorts last year and the Colonial Pipeline in 2021.
U.S. Infrastructure Hit in Ransomware Attack
This attack is one example of them making good (again) on an extortion threat to hit critical U.S. infrastructure providers and hospitals after international law enforcement, led by the U.S., seized and shutdown several of their websites and confiscated hundreds of digital keys used to encrypt victim’s data during ransomware attacks.
The attack forced United Health Group to disconnect its own systems to prevent further impact from the attack. This resulted in pharmacies, including Walgreens and CVS Health, being unable to process insurance claims for prescriptions because they could not bring up a patient’s insurance coverage information.
Impact on Patients
This had two potential effects on patients. One, some patients are unable to get prescription medications and depending on the medication could be life-threatening if they run out and two for the ones that can get prescriptions, it is costing them more because the pharmacy can’t process claims to the insurance companies … which lowers the amount paid by the patient.
And the effect on pharmacies was that they were racking up thousands of dollars in claims that could not be processed. Some pharmacies reported using an alternate claims processor in the interim, while others could not.
Data Stolen
As far as what data and how much was stolen, that information is unknown at this time. No specific data information has been posted on any of the Blackcat websites, which means they were not behind the attack, still negotiating terms of the ransom, or some other reason why they did not want to release the stolen information.
However, because Change Healthcare is one of the largest claims processors in the U.S., processing 15 billion healthcare claims annually, the potential for release of a large amount of damaging personal information is there. Some cybersecurity experts think the attack may have been nothing more than a group of financially-motivated cybercriminals looking for a payout.
Blackcat did post on their darknet site that it had stolen eight terabytes of information in that attack that included data not only from Walgreens and CVS Health, but also from Medicare, Tricare and other companies, but then they abruptly removed the post … raising some questions as far as if they were behind the attack or not.
More information should be forthcoming on the investigation once the cybersecurity firms of Madiant and Palo Alto Networks complete their work and release their findings.
