UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages

U.S. health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States.

“Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement to TechCrunch on Thursday.

“Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network, on this attack against Change Healthcare’s systems. We are actively working to understand the impact to members, patients and customers,” said Mason.

“Based on our ongoing investigation, there’s no indication that except for the Change Healthcare systems, Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.”

In a post on its dark web leak site on Wednesday, ALPHV/BlackCat took credit for the cyberattack at Change Healthcare. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans’ sensitive health and patient information.

ALPHV/BlackCat’s claims could not be immediately verified.

Change Healthcare is an American healthcare tech giant and one of the country’s largest processors of prescription medications, handling prescriptions and billing for more than 67,000 pharmacies across the U.S. healthcare system. The healthcare tech giant handles 15 billion healthcare transactions annually — or about one-in-three U.S. patient records.

The cyberattack began early on February 21 on the U.S. East Coast, causing widespread outages at pharmacies and healthcare facilities. Change Healthcare said it took much of its systems offline to expel the hackers.

Change Healthcare’s incident tracker page shows most of its customer-facing systems remain offline.

Hospitals, healthcare providers and pharmacies have reported that they are unable to fulfill or process prescriptions through patients’ insurance.

UnitedHealth previously attributed the cyberattack to an unspecified nation-state actor. Researchers have yet to determine a link between the ALPHV/BlackCat group and a government.

This is a developing story… more soon.
