Change Healthcare Ransomware Remediation Costs Approach $1 Billion for Q1-2024


April 17, 2024

World map

The parent company of Change Healthcare estimates the cost of remediating the February ransomware attack Q1-2024 is $872 million just a month after United Health had announced it was prepared to pour $2 billion into recovery efforts.

This figure is in addition to the more than $6 billion in emergency funding and loans UnitedHealth allotted for struggling healthcare providers who could not get reimbursed for services while systems were down.

“The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs are likely to exceed $1 billion over time, potentially including the reported $22 million payment made to the ALPHV/BlackCat-affiliated criminals behind the attack,” The Register reports.

“It's a charge that eclipsed that of casino group MGM, which didn't pay a ransom following an attack on its systems last year, and which faces recovery costs of $100 million to rebuild its systems and paying for the fallout from outages, operational disruptions, allegedly leaked data and more.”

Takeaway: The cost of ransomware recovery efforts can be massive as we see with the Change Healthcare attack, and other potential losses are harder to estimate, like damage to brand, or future losses stemming from lawsuits and regulatory fines.

Ransomware is big business. These costs are passed on to consumers, to other businesses, to state and local governments, and so on. The financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy.

The only way we can counter its growth as a major industry vertical is to disincentivize the attackers. The only way to disincentivize them is to make ransomware attacks unprofitable, and we are a long, long way from accomplishing that.  

Don’t want your organization to fall prey to cyber extortion? Then don’t be the low hanging fruit.

Threat actors are taking advantage of unpatched vulnerabilities and misconfigurations by automating aspects of their attack progressions. Automation means ransomware operators can simply hit more victims faster.

The mass exploitation of the MoveIT, GoAnywhere, and Citrix Bleed vulnerabilities are all examples of preventable attack vectors where ransomware operator objectives could have been made much more difficult to achieve.

While we cannot prevent ransomware attacks, we can prevent them from being successful. As an executive, it is crucial to understand the  impact of disruptive ransomware attacks on your business and take proactive steps to mitigate them.  

Halcyon recently published a reference guide that explores what each C-level executive should know about ransomware to ensure a strong security posture and protect their organization: What Executives Should Know about Ransomware. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.