The health care sector is reeling from a ransomware attack on Change Healthcare, the nation's largest health care payment processor, described by American Hospital Association CEO Rick Pollack as "the most serious incident of its kind" against a U.S. health care organization. The breach, which has persisted for over nine days, has severely impacted Change Healthcare's operations, compelling the company to take most of its systems offline to contain the spread of the malware.

Change Healthcare, a key player in the health care technology landscape and a subsidiary of Optum, owned by UnitedHealth Group, plays a pivotal role in the American health care system. The company processes an astounding 15 billion health care transactions annually and handles records for a third of all American patients. The outage resulting from the attack has hit small and midsize health care providers particularly hard, disrupting their ability to electronically fill prescriptions and receive reimbursements from insurance providers.

In response to the crisis, UnitedHealth Group has reported that a significant majority of the over 70,000 U.S. pharmacies reliant on Change Healthcare's payment processing services have adopted "offline processing workarounds." Despite these measures, the disruption has underscored the vulnerabilities in the health care payment infrastructure and the cascading effects such breaches can have on patient care and provider operations.

The cybersecurity breach, first detected on February 21, has been attributed to the ransomware Alphv, also known as Blackcat, which is linked to Russian-speaking cybercriminals. This ransomware strain has been implicated in several high-profile attacks, including the one on MGM Resorts in Las Vegas. UnitedHealth Group, in its efforts to mitigate the fallout and secure its systems, is collaborating with U.S. law enforcement agencies and has enlisted the expertise of cybersecurity firms Mandiant and Palo Alto Networks.

The broader implications of the attack are alarming, with federal agencies such as CISA and the FBI highlighting Blackcat's deliberate targeting of the health care sector. This focus on health care organizations, evidenced by the nearly 70 leaked victims since mid-December 2023, represents a disturbing trend in cybercriminal strategies. The U.S. government's $15 million bounty for information leading to the capture of the Blackcat group underscores the severity of the threat they pose.

Adding to the concern are claims by Blackcat, albeit in a subsequently deleted darknet message, of having stolen millions of patient records, including highly sensitive medical and insurance data, from UnitedHealth and other major entities like Medicare, Tricare, and CVS Health. While the veracity of these claims remains unconfirmed, the potential exposure of such extensive personal and medical information could have far-reaching consequences for countless individuals.

As UnitedHealth scrambles to address the breach and its ramifications, the health care industry faces a stark reminder of the critical need for robust cybersecurity measures. The ongoing collaboration with leading cybersecurity firms and the establishment of a loan program for affected health care providers are steps towards recovery, but the incident highlights a pressing need for heightened security protocols and preparedness in the face of increasingly sophisticated cyber threats.