Change Healthcare Attack: Most Serious Incident Against U.S. Healthcare

American Hospital Association CEO Rick Pollack said the impact from a ransomware attack against Change Healthcare, the largest healthcare payment processor in the U.S., is “the most serious incident of its kind leveled against a U.S. health care organization.”  

‍

Parent company UnitedHealth Group disclosed the services were "crippled” following an attack claimed by the BlackCat/ALPHV ransomware gang on February 21^st. UnitedHealth Group provides software and services to manage patient payments and insurance claims.  

‍

“Nine days into the attack on Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, effects are continuing to be felt throughout the entire health care system,” NBC News reports.  

‍

“In an emailed statement, a spokesperson for Change Healthcare’s parent company, UnitedHealth Group, indicated that thousands of pharmacies are using ‘offline processing workarounds.’ More than 90% of the more than 70,000 U.S. pharmacies that use Change Healthcare’s payment processor are using alternate ways to process payments.”  

‍

Takeaway: Ransomware operators have been hammering the healthcare sector for some time now, and they have used shady tactics to force victim organizations to pay.  

‍

The BlackCat /ALPHV ransomware gang attempted to extort a Pennsylvania healthcare provider in 2023 by publishing private, compromising clinical photographs of breast cancer patients.  

‍

More recently, ransomware operators were observed threatening patients whose data had been exposed with swatting, a harassment tactic that involves calling in bomb threats or other false reports to law enforcement to prompt an armed response to the victim's home.  

‍

Data extortion and ransomware groups continue to demonstrate time and time again that there is no line they will not cross to enrich themselves.  

‍

The average time it takes for an organization to recover from a ransomware attack has been pegged at about three weeks or more according to multiple studies.  

‍

While a private, profitable organization with ample resources like UnitedHealth Group may be able to weather such a lengthy disruption to operations, the healthcare game is one of immediacy.  

‍

Patients are different than customers, and in most cases, they cannot afford delays in treatment without putting their health or lives at risk.  

‍

We know rogue nations like Russia, China, Iran, and North Korea directly support and/or influence ransomware operations, and targeting healthcare are quickly becoming a national security threat, so perhaps we should be addressing them as such.

‍

‍

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.