2024 Global Digital Shopping index Banner

Report: Ransomware Gang Blackcat Behind Cyberattack on Change Healthcare

The ransomware gang Blackcat, also known as ALPHV, is reportedly the source of a cyberattack targeting UnitedHealth Group’s technology unit, Change Healthcare.

The cyberattack has targeted Change Healthcare’s information technology systems, leading to widespread disruptions at pharmacies across the United States for the past six days, Reuters reported Monday (Feb. 26).

In an update posted by Change Healthcare Monday at 6:11 p.m. Eastern time, the company said, “The disruption is expected to last at least through the day.”

Blackcat, a financially motivated cybercriminal group, has a history of targeting major businesses, including MGM Resorts International and Caesars Entertainment, according to the Reuters report.

Despite being previously targeted by U.S.-led law enforcement efforts in December, the group has resurfaced with renewed attacks on critical infrastructure providers and hospitals, the report said.

The outage caused by the Blackcat ransomware attack has had ripple effects throughout the healthcare industry, impacting pharmacy chains like CVS Health and Walgreens, per the report. The American Pharmacists Association reported significant backlogs of prescriptions due to pharmacies being unable to process insurance claims for patients.

Contrary to Monday’s report from Reuters saying the attack was led by a ransomware gang, UnitedHealth said earlier that it was being targeted by a nation-state associated cybersecurity threat actor, the report said.

Change Healthcare posted its first update reporting connectivity issues Wednesday (Feb. 21). On the following day, UnitedHealth Group said in a filing with the Securities and Exchange Commission (SEC) that a “suspected nation-state associated cybersecurity threat actor” gained access to some of Change Healthcare’s IT systems.

In October, the Blackcat/ALPHV ransomware gang claimed responsibility for a data breach at Michigan-based healthcare provider McLaren Health Care, posting screenshots of the stolen data on the dark web.

That cyberattack compromised the personal and health information of about 2.2 million patients.

Blackcat/ALPHV also claimed responsibility for a cyberattack that was reported by Kentucky-based nonprofit healthcare system Norton Healthcare in December and took place earlier in the year. The healthcare company did not disclose the identity of the hackers responsible for the cyberattack.

In that case, about 2.5 million people, including patients, employees and employees’ dependents, were affected by the data breach.