
The Ransomware gang claims to have accessed 6TB of Change Healthcare data.


The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which resulted in an ongoing outage affecting the Change Healthcare platform.

Change Healthcare is the largest payment exchange platform used by more than 70,000 American pharmacies. With 440,000 employees worldwide and working with over 1.6 million doctors and care professionals in 8,000 hospitals and other care facilities, UHG is the largest healthcare company in the world in terms of revenue.

BlackCat claimed in a statement on its dark web leak site today that it allegedly stole 6TB of data from the network of “thousands of healthcare providers, insurance providers, pharmacies, etc.”

One can imagine the volume of sensitive and critical data that can be found inside a production network. According to BlackCat, the data covers all Change Healthcare clients whose sensitive information is processed by the company.

The ransomware gang claims to have stolen source code and confidential information from dozens of partners, including the Tricare healthcare program for the U.S. military, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and dozens of other healthcare insurance companies.

According to BlackCat’s claims, millions of people’s sensitive data was stolen from Change Healthcare, including their:

  • medical records
  • insurance records
  • dental records
  • payments information
  • claims data
  • patients’ PII data (including phone numbers, addresses, social security numbers, email addresses, and others)
  • Active U.S. military/navy personnel PII data

Optum, United Healthcare, and UnitedHealth Group systems have not been impacted, according to a separate status update posted hours before this article was published.

While UnitedHealth Group VP Tyler Mason did not confirm BlackCat’s involvement in the incident, Mason reported to BleepingComputer earlier this week that 90% of the affected 70,000+ pharmacies have switched to new electronic claim procedures in response to the Change Healthcare issues.

BlackCat also denied today that the affiliates who hacked into Change Healthcare’s network used a significant ScreenConnect auth bypass flaw (CVE-2024-1709), as BleepingComputer was told earlier this week by sources with knowledge of the investigation.

The FBI, CISA, and the U.S. Department of Health and Human Services (HHS) issued a warning on Tuesday that BlackCat ransomware affiliates primarily target businesses in the healthcare industry.

According to the three federal agencies, the healthcare sector has been the most frequently victimized “since mid-December 2023, of the nearly 70 leaked victims.”

“This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals in response to early December 2023’s operational action against the group and its infrastructure,” the administrator said.

Up until September 2023, the FBI had previously linked BlackCat to more than 60 breaches during its first four months of operation (between November 2021 and March 2022).

The U.S. State Department is now offering up to $15 million for tips that can be used to track down or find BlackCat gang leaders and individuals connected to the group’s ransomware attacks.
