Blackcat ransomware gang behind ongoing Change Healthcare disruption

Blackcat is allegedly behind the cyberattack on Change Healthcare that has disrupted pharmacy operations and patient care nationwide since Feb. 21.

What happened 

Change Healthcare, a subsidiary of UnitedHealth Group, experienced a cyberattack by a “suspected nation-state-associated” threat actor, leading to system outages for the ninth consecutive day. UnitedHealth Group promptly isolated and disconnected the affected systems upon detection. 

While Change Healthcare's tools for payment and revenue cycle management are disrupted, UnitedHealth Group reported that over 90% of US pharmacies have implemented electronic workarounds to mitigate the impact, with the remainder using offline processing systems. The disruption has not yet affected provider cash flows, as payments are usually issued about two weeks after processing. UnitedHealth Group reassured that its systems, including Optum and UnitedHealthcare, were likely unaffected. It is working with external partners like Palo Alto Networks and Google Cloud’s Mandiant to assess the breach. 

According to Reuters, the notorious ransomware gang, Blackcat, is allegedly behind the attack. The suggestion that Blackcat was responsible for the breach has raised questions about UnitedHealth's previous claim that it had been targeted by a "suspected nation-state associated cybersecurity threat actor."

Go deeper: Nationwide pharmacy delays following Change Healthcare hack

What are they saying?

John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, told CBNC news that “health data is attractive to bad actors because it can be easily monetized and sold on the dark web to perpetuate other crimes like identity theft and health-care fraud.” 

Data theft and ransomware attacks are common in healthcare and attackers “come in and encrypt all the data in networks, so that suddenly, immediately, systems go dark, they become unavailable,” resulting in delays in healthcare service provision.

“They’re [Change Healthcare] a victim of a foreign-based cyberattack,” Riggi said. “Ultimately, though, this was not an attack just on them, this was an attack on the entire healthcare sector.”

According to Riggi, the allocation of substantial resources towards cybersecurity is crucial for healthcare senior leaders. He emphasized the need for all healthcare workers to feel like part of the “cybersecurity team” and that “the government must devote as much priority, attention and resources to going after the bad guys who are conducting these attacks.” 

See also: HIPAA Compliant Email: The Definitive Guide

Why it matters

Although UnitedHealth has not disclosed the affected systems, the cyberattack on Change Healthcare has caused widespread issues in the U.S. healthcare system. 

CVS Health reported impacts on insurance claim processing but assured that their systems were not compromised. Walgreens stated that the majority of its operations were unaffected. However, for consumers like Cary Brazeman, the disruption has been frustrating. He faced difficulties obtaining a prescription due to the attack, highlighting concerns about access to medication for those with more serious conditions. Despite personal worries about data exposure, Brazeman's primary focus remains on ensuring medication access for those in need.

See also: 

• Why do cyberattacks happen?
• What is cybersecurity in healthcare?

FAQs

How can healthcare organizations protect themselves from cyberattacks?

Healthcare organizations can protect themselves from cyberattacks by implementing a multifaceted cybersecurity strategy. This strategy includes employee training on cybersecurity best practices, strict access controls, regular software updates, data encryption, and the deployment of firewalls and intrusion detection systems. Additionally, having an incident response plan, regular data backups, security audits, and vendor risk management are vital.

Go deeper:

• Preventing the spread of cybersecurity attacks in healthcare
• Software updates to prevent cyberattacks

How can patients protect their data in the event of a healthcare cyberattack?

Patients can protect their data during healthcare cyberattacks by being vigilant, monitoring their medical records for unauthorized activity, and reporting suspicious incidents promptly. 

Are industry resources available to help healthcare organizations prevent and respond to cyberattacks?

Yes, there are several industry resources available to help healthcare organizations prevent and respond to cyberattacks, including guidance documents and best practices from organizations such as the Department of Health and Human Services (HHS), the National Institute of Standards and Technology (NIST), and the Health Information Trust Alliance (HITRUST).