Minneapolis, Minnesota – UnitedHealth, a major health insurance provider, has recently disclosed that the Blackcat group is responsible for a cyber attack that has significantly impacted healthcare providers across the United States. The attack, which initiated a week-long outage of the Change Healthcare system, has caused disruptions in payments at various medical facilities, clinics, and pharmacies nationwide.
Change Healthcare, acting as an intermediary between healthcare providers and insurance companies, experienced suspicious activity in its IT systems starting from February 21st, as stated in a filing with the Securities and Exchange Commission. This breach has hindered everyday transactions such as electronic pharmacy refills and processing new insurance claims.
While the duration of the breach could last for several weeks according to UnitedHealth Group’s Chief Operating Officer Dirk McMahon, the company is taking proactive measures by establishing a loan program to support healthcare providers during this challenging period. Additionally, federal agencies, including CISA and the FBI, have issued a joint cybersecurity advisory warning that Blackcat has been specifically targeting the healthcare sector.
In response to the cyber attack, the US government has offered a $15 million reward for any valuable information leading to the location of the Blackcat group. Despite previous attempts to seize the group’s servers, Blackcat managed to regain control swiftly. A darknet message reportedly revealed that the group had stolen millions of patient records, including sensitive medical and insurance data, from UnitedHealth, Medicare, Tricare, and CVS Health.
The theft of sensitive records from UnitedHealth alone could have a significant impact on millions of individuals, given that Change Healthcare handles nearly one-third of patient records in the United States. The American Hospital Association emphasized the potential disruption to healthcare services if the systems of Change Healthcare remain compromised for an extended period.
UnitedHealth is collaborating with cybersecurity experts from Google-owned Mandiant and Palo Alto Networks to address the cyber attack. While the company has not disclosed its intentions regarding the ransom demand, it is actively working to mitigate the impact of the breach on healthcare providers and patients across the country.