UnitedHealth confirms Russian ransomware gang behind Change Healthcare hack

American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies throughout the US.

“Change Healthcare can confirm we’re experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement to TechCrunch on Thursday.

“Our consultants are working to address the matter and we’re working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network[s], on this attack against Change Healthcare’s systems. We’re actively working to understand the impact to members, patients and customers,” the spokesperson said.

“Based on our ongoing investigation, there’s no indication that aside from the Change Healthcare systems, Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.”

In a post on its dark web leak site on Wednesday, ALPHV/BlackCat took credit for the cyberattack at Change Healthcare. The Russia-based ransomware and extortion gang claimed to have stolen hundreds of thousands of Americans’ sensitive health and patient information. Ransomware gangs typically publish the names of their victims to their dark web leak sites, often as a way to extort the victims into paying a ransom demand.

ALPHV/BlackCat’s claims could not be immediately verified. ALPHV took down the post claiming responsibility, often a signal that the victim is negotiating with the hackers. UHG spokesperson Mason did not respond to a request for comment asking if the company paid a ransom or is in negotiations with the hackers.

TechCrunch confirmed on Monday that the ongoing cyberattack was linked to ransomware. Reuters first reported the news.

UHG-owned subsidiary Change Healthcare is a health tech giant and one of the nation’s largest processors of prescription drugs, handling billing for more than 67,000 pharmacies across the U.S. healthcare system. The healthcare tech giant’s website says it handles 15 billion healthcare transactions annually, or about one in three U.S. patient records.

Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the largest health insurance provider in the US. The merger allowed Optum broad access to patient records handled by Change Healthcare.

UnitedHealth Group collectively provides over 53 million U.S. customers with benefit plans and another 5 million outside of the US, according to its latest full-year earnings report. Optum serves about 103 million U.S. customers.

Pharmacy outages stall prescriptions

The cyberattack began early on February 21 on the U.S. East Coast, causing widespread outages at pharmacies and healthcare facilities. Change Healthcare said it took much of its systems offline to expel the hackers from its systems.

Change Healthcare’s incident tracker page shows most of its customer-facing systems remain offline.

Hospitals, healthcare providers and pharmacies throughout the US have reported that they’re unable to fulfill or process prescriptions through patients’ insurance.

Nebraska television outlet KLKN-TV reports that almost all Nebraska hospitals are unable to verify patient insurance for inpatient stays, provide precise cost estimates, or process patient billing because of the ongoing cyberattack at Change Healthcare.

U.S. military health insurance provider Tricare said in a statement this week that the cyberattack at Change Healthcare is “impacting all military pharmacies worldwide and some retail pharmacies nationally.”

UnitedHealth previously attributed the cyberattack to an unspecified nation-state actor. Researchers have yet to determine a link between the ALPHV/BlackCat group and a government.

“The ransomware problem has been getting worse for years. If governments don’t get it under control rapidly, vital services will continue to be disrupted, with potentially catastrophic consequences,” Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch.

It’s not yet clear how the hackers gained access to Change Healthcare’s systems. In an interview with TechCrunch on Thursday, ConnectWise chief information security officer Patrick Beggs ruled out a recent vulnerability in his company’s products as the cause of the cyberattack at Change Healthcare.

“With all of the subsidiaries including United all the way down to Change Healthcare, we’ve got no report or no indication of any [managed service provider] supporting them, or them themselves having ScreenConnect installed on their infrastructure,” Beggs told TechCrunch.

UnitedHealth made $22 billion in revenue during 2023, according to its full-year earnings filed in January. According to the company’s most recent report on executive pay, UnitedHealth’s chief executive Andrew Witty received close to $21 million in total compensation during the previous fiscal year.

TechCrunch’s Carly Page contributed reporting.

Do you work at Change Healthcare, Optum or UnitedHealth and know more about the cyberattack? Get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.

UnitedHealth’s confirmation that a Russian ransomware gang was behind the Change Healthcare hack is a significant development in the ongoing fight against cybercrime. The attack on Change Healthcare, a healthcare technology company owned by UnitedHealth, is just the latest in a series of high-profile ransomware attacks targeting organizations across various industries.

The involvement of a Russian ransomware gang in this hack raises concerns about the growing threat posed by cybercriminals who operate with impunity in certain parts of the world. It also highlights the need for organizations to take proactive steps to strengthen their cybersecurity defenses and protect sensitive data from malicious actors.

In response to the attack, UnitedHealth has stated that it is working closely with law enforcement authorities and cybersecurity experts to investigate the breach and address any vulnerabilities in its systems. It has also taken steps to enhance its security measures and prevent future attacks.

It’s crucial for organizations to prioritize cybersecurity and invest in robust defense mechanisms to protect themselves from ransomware attacks and other forms of cyber threats. By staying vigilant and employing best practices in cybersecurity, businesses can minimize the risk of falling victim to malicious actors and safeguard their sensitive data.


The confirmation that a Russian ransomware gang was behind the Change Healthcare hack serves as a stark reminder of the growing threat posed by cybercriminals in today’s digital landscape. It underscores the importance of robust cybersecurity measures and proactive defense strategies to protect organizations from ransomware attacks and other forms of cyber threats. By staying informed, implementing best practices, and collaborating with cybersecurity experts, businesses can strengthen their defenses and mitigate the risk of falling victim to malicious actors.


1. What steps can organizations take to protect themselves from ransomware attacks?
– Organizations can protect themselves from ransomware attacks by implementing strong cybersecurity measures, training employees on cybersecurity best practices, regularly updating software and systems, and conducting regular security audits.

2. What should organizations do if they fall victim to a ransomware attack?
– In the event of a ransomware attack, organizations should immediately disconnect infected systems from the network, contact law enforcement authorities, and work with cybersecurity experts to contain the breach and restore systems.

3. How can businesses collaborate with cybersecurity experts to enhance their defenses?
– Businesses can collaborate with cybersecurity experts by conducting regular security assessments, implementing best practices in cybersecurity, and investing in advanced security technologies to strengthen their defenses against cyber threats.
