Change Healthcare Attack: Most Serious Incident Against U.S. Healthcare


March 1, 2024

World map

American Hospital Association CEO Rick Pollack said the impact from a ransomware attack against Change Healthcare, the largest healthcare payment processor in the U.S., is “the most serious incident of its kind leveled against a U.S. health care organization.”  

Parent company UnitedHealth Group disclosed the services were "crippled” following an attack claimed by the BlackCat/ALPHV ransomware gang on February 21st. UnitedHealth Group provides software and services to manage patient payments and insurance claims.  

“Nine days into the attack on Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, effects are continuing to be felt throughout the entire health care system,” NBC News reports.  

“In an emailed statement, a spokesperson for Change Healthcare’s parent company, UnitedHealth Group, indicated that thousands of pharmacies are using ‘offline processing workarounds.’ More than 90% of the more than 70,000 U.S. pharmacies that use Change Healthcare’s payment processor are using alternate ways to process payments.”  

Takeaway: Ransomware operators have been hammering the healthcare sector for some time now, and they have used shady tactics to force victim organizations to pay.  

The BlackCat /ALPHV ransomware gang attempted to extort a Pennsylvania healthcare provider in 2023 by publishing private, compromising clinical photographs of breast cancer patients.  

More recently, ransomware operators were observed threatening patients whose data had been exposed with swatting, a harassment tactic that involves calling in bomb threats or other false reports to law enforcement to prompt an armed response to the victim's home.  

Data extortion and ransomware groups continue to demonstrate time and time again that there is no line they will not cross to enrich themselves.  

The average time it takes for an organization to recover from a ransomware attack has been pegged at about three weeks or more according to multiple studies.  

While a private, profitable organization with ample resources like UnitedHealth Group may be able to weather such a lengthy disruption to operations, the healthcare game is one of immediacy.  

Patients are different than customers, and in most cases, they cannot afford delays in treatment without putting their health or lives at risk.  

We know rogue nations like Russia, China, Iran, and North Korea directly support and/or influence ransomware operations, and targeting healthcare are quickly becoming a national security threat, so perhaps we should be addressing them as such. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.