The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.
Change Healthcare is the most important payment exchange platform used by more than 70,000 pharmacies across the US. UHG is the world’s largest healthcare company by revenue, employing 440,000 people worldwide and working with over 1.6 million physicians and care professionals in 8,000 hospitals and other care facilities.
In a statement published on their dark web leak site today, BlackCat said that they allegedly stole 6TB of data from Change Healthcare’s network belonging to “thousands of healthcare providers, insurance providers, pharmacies, etc.”
“Being inside a production network one can imagine the amount of critical and sensitive data that can be found. The data relates to all Change Health clients that have sensitive data being processed by the company,” BlackCat said.
The ransomware gang claims that they stole source code for Change Healthcare solutions and sensitive information belonging to many partners, including the U.S. military’s Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and tens of other healthcare insurance providers.
Per BlackCat’s claims, the sensitive data stolen from Change Healthcare contains a wide range of information on millions of people, including their:
- medical records
- insurance records
- dental records
- payments information
- claims information
- patients’ PII data (i.e., phone numbers, addresses, Social Security numbers, email addresses, and more)
- active U.S. military/navy personnel PII data
On a dedicated status page, Optum warned hours before this article was published that they’re still working on restoring impacted systems to bring them back online, adding that Optum, UnitedHealthcare, and UnitedHealth Group systems haven’t been affected.
While UnitedHealth Group VP Tyler Mason didn’t confirm that BlackCat was behind the incident, Mason told BleepingComputer earlier this week that 90% of the affected 70,000+ pharmacies have switched to new electronic claim procedures to address the Change Healthcare issues.
Today, BlackCat also denied that affiliates who breached Change Healthcare’s network used a critical ScreenConnect auth bypass flaw (CVE-2024-1709), as BleepingComputer was told earlier this week by sources familiar with the investigation.
On Tuesday, the FBI, CISA, and the Department of Health and Human Services (HHS) warned that Blackcat ransomware affiliates primarily target organizations in the U.S. healthcare sector.
“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized,” the three federal agencies said.
“This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023.”
The FBI previously linked BlackCat to over 60 breaches during its first four months of activity (between November 2021 and March 2022) and said the gang raked in at least $300 million in ransoms from over 1,000 victims until September 2023.
The U.S. State Department now offers up to $15 million for tips that help identify or locate BlackCat gang leaders and individuals linked to the group’s ransomware attacks.