ALPHV/BlackCat ransomware gang claims cyberattack on Change Healthcare
The gang is saying that it stole 6TB of data in the attack.
The ALPHV/BlackCat ransomware gang has claimed responsibility for a cyberattack on the UnitedHealth Group (UHG) subsidiary, Optum Solutions. Optum manages the Change Healthcare platform, a major payment exchange system in the US healthcare network, which was impacted by this attack. Change Healthcare had to disconnect its systems, causing delays in retail pharmacy chains and some hospitals. In response, UHG distributed workarounds as it works to restore systems.
In a blog post, the group accused UHG of downplaying the extent of the breach and failing to disclose the amount of sensitive data stolen. ALPHV/BlackCat asserted that it possessed over 6 terabytes of highly selective data from Change Healthcare servers, impacting thousands of healthcare providers, insurance companies, and pharmacies. The hackers claimed to have stolen personal data from millions of individuals, including active US military/navy personnel information, patient details, medical and dental records, financial payment information, insurance records, claims information, and over 3,000 source code files for Change Healthcare.
The ransomware group also listed major American healthcare entities allegedly compromised in the hack, including Medicare, Tricare, CVS-CareMark, Loomis, HealthNet, and MetLife.
The blog, which was swiftly posted and then taken down, included a note denying the use of recently exposed ConnectWise ScreenConnect exploits for initial access.
ALPHV/BlackCat’s activities prompted a joint advisory by US agencies as the group targets hospitals in retaliation for operational disruptions and infrastructure crackdowns by international police forces.