ALPHV/BlackCat ransomware gang claims cyberattack on Change Healthcare

The gang is saying that it stole 6TB of data in the attack.


The ALPHV/BlackCat ransomware gang has claimed responsibility for a cyberattack on the UnitedHealth Group (UHG) subsidiary, Optum Solutions. Optum manages the Change Healthcare platform, a major payment exchange system in the US healthcare network, which was impacted by this attack. Change Healthcare had to disconnect its systems, causing delays in retail pharmacy chains and some hospitals. In response, UHG distributed workarounds as it works to restore systems.

Optum Solutions suffers cyberattack
The outage created issues with billing, claims processing, and nationwide prescription services.

In a blog post, the group accused UHG of downplaying the extent of the breach and failing to disclose the amount of sensitive data stolen. ALPHV/BlackCat asserted that it possessed over 6 terabytes of highly selective data from Change Healthcare servers, impacting thousands of healthcare providers, insurance companies, and pharmacies. The hackers claimed to have stolen personal data from millions of individuals, including active US military/navy personnel information, patient details, medical and dental records, financial payment information, insurance records, claims information, and over 3,000 source code files for Change Healthcare.

ALPHV/BlackCat’s blog post.

The ransomware group also listed major American healthcare entities allegedly compromised in the hack, including Medicare, Tricare, CVS-CareMark, Loomis, HealthNet, and MetLife.

The blog, which was swiftly posted and then taken down, included a note denying the use of recently exposed ConnectWise ScreenConnect exploits for initial access.

ALPHV/BlackCat’s activities prompted a joint advisory from US agencies, as the group targets hospitals in retaliation for operational disruptions and infrastructure crackdowns by international police forces.

FBI, CISA, and HHS warn against ALPHV/BlackCat ransomware targeting US healthcare sector
The advisory comes amidst growing concerns over cyber threats to critical infrastructure, urging organisations to bolster their cybersecurity defences against evolving tactics employed by ransomware operators.