United Health Dumps $2 Billion into Ransomware Recovery Efforts


March 19, 2024


UnitedHealth - parent company of Change Healthcare, the largest healthcare payment processor in the U.S. - announced it is pouring $2 billion into ransomware attack recovery efforts following what American Hospital Association CEO Rick Pollack described as “the most serious incident of its kind leveled against a U.S. health care organization.”

“The rise in cyberattacks targeting the healthcare sector globally is deeply concerning, especially considering the potential for emergencies such as those witnessed during the Covid-19 pandemic lockdowns in April 2020 and 2021,” Cybersecurity Insiders reports.

“Furthermore, it is evident that cybercriminals, driven by profit, disregard the humanitarian implications of their actions, instead prioritizing their immediate gains or supporting governments engaged in digital attacks for geopolitical reasons.”

Takeaway: There is no threat as pervasive as what we see with the explosion in ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations, and ultimately these costs will be passed on to consumers.

A recent report from Chainalysis concluded that payments to ransomware operators in 2023 exceeded $1 billion, breaking all previous estimations.  

Combine that with the FBI's conclusion, reached after spending seven months infiltrating the Hive ransomware gang’s operations, that only 20% of attacks were being reported to law enforcement, and a more accurate estimate may be closer to $5 billion extorted in 2023.

And these losses do not even include the costs of recovery efforts - which can be massive, as we are seeing with the Change Healthcare attack - or other losses that are more difficult to estimate, like damage to brand, or future losses stemming from lawsuits and regulatory fines.

Ransomware is big business. These costs are passed on to consumers, to other businesses, to state and local governments, and so on. The financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy.

The only way we can counter its growth as a major industry vertical is to disincentivize the attackers. The only way to disincentivize them is to make ransomware attacks unprofitable, and we are a long, long way from accomplishing that.  

Don’t want your organization to fall prey to cyber extortion? Then don’t be the low-hanging fruit.

Threat actors are taking advantage of unpatched vulnerabilities and misconfigurations by automating aspects of their attack progressions. Automation means ransomware operators can simply hit more victims faster.

The mass exploitations of the MOVEit, GoAnywhere, and Citrix Bleed vulnerabilities are all examples of preventable attack vectors where ransomware operator objectives could have been made much more difficult to achieve.

While we cannot prevent ransomware attacks, we can prevent them from being successful.
