The ALPHV/BlackCat ransomware gang has claimed responsibility for a cyberattack on the UnitedHealth Group (UHG) subsidiary, Optum Solutions. Optum manages the Change Healthcare platform, a major payment exchange system in the US healthcare network, which was impacted by this attack. Change Healthcare had to disconnect its systems, causing delays in retail pharmacy chains and some hospitals. In response, UHG distributed workarounds as it works to restore systems.
Related (dig.watch, 23 Feb 2024): Optum Solutions suffers cyberattack. The outage created issues with billing, claims processing, and nationwide prescription services.
In a blog post, the group accused UHG of downplaying the extent of the breach and failing to disclose the amount of sensitive data stolen. ALPHV/BlackCat asserted that it possessed over 6 terabytes of highly selective data from Change Healthcare servers, impacting thousands of healthcare providers, insurance companies, and pharmacies. The hackers claimed to have stolen personal data from millions of individuals, including active US military/navy personnel information, patient details, medical and dental records, financial payment information, insurance records, claims information, and over 3,000 source code files for Change Healthcare.
[Image: ALPHV/BlackCat's blog post.]

The ransomware group also listed major American healthcare entities allegedly compromised in the hack, including Medicare, Tricare, CVS-CareMark, Loomis, HealthNet, and MetLife.
The blog, which was swiftly posted and then taken down, included a note denying the use of recently exposed ConnectWise ScreenConnect exploits for initial access.
ALPHV/BlackCat's activities prompted a joint advisory by US agencies, as the group targets hospitals in retaliation for operational disruptions and infrastructure crackdowns by international police forces.
Related (dig.watch, 28 Feb 2024): FBI, CISA, and HHS warn against ALPHV/BlackCat ransomware targeting US healthcare sector. The advisory comes amidst growing concerns over cyber threats to critical infrastructure, urging organisations to bolster their cybersecurity defences against evolving tactics employed by ransomware operators.