Change Healthcare disclosed Thursday that the ongoing cyberattack disrupting pharmacies and health systems across the U.S. is being carried out by the Russia-based ransomware group Blackcat. The attack, which has created widespread disruptions, underscores the growing threat posed by cybercriminals to critical infrastructure and sensitive healthcare data.


In response to the breach, Change Healthcare has mobilized a team of experts to tackle the issue and is collaborating closely with law enforcement agencies and leading third-party consultants. The company is actively evaluating the impact of the attack on members, patients, and customers as it works to mitigate the damage caused.

Tyler Mason, vice president at UnitedHealth, said in a statement to TechCrunch that the cyberattack appears confined to the Change Healthcare division and that so far the company's investigation "has no indication" that UnitedHealthcare, Optum or UnitedHealth Group systems are impacted.

Partnering with cybersecurity firms Mandiant, a subsidiary of Google, and Palo Alto Networks, Change Healthcare is deploying strong defense mechanisms to fight the cyber threat and safeguard sensitive information. However, the magnitude of the breach, which has already resulted in the extraction of six terabytes of data, including medical records and payment information, poses major challenges to containment efforts.

The cyberattack, conducted by Blackcat, illustrates the sophisticated tactics employed by ransomware groups to extort organizations and compromise data security. Known for stealing sensitive data and threatening to publish it unless a ransom is paid, Blackcat has targeted numerous institutions across the U.S. and globally, resulting in substantial financial losses.

The attack on Change Healthcare's systems, which was discovered on February 21, prompted immediate action from parent company UnitedHealth Group. Suspecting a nation-state-associated cyber threat actor behind the breach, UnitedHealth Group promptly isolated and disconnected impacted systems to mitigate further damage.

John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, highlighted the extensive implications of cyberattacks on the healthcare sector. Riggi mentioned the immediate harm caused to patients, as diagnostic technologies such as CT scanners can go offline and ambulances may be diverted, delaying critical care.

The ongoing cyberattack has kept Change Healthcare's systems offline for nine consecutive days, raising doubts about the timeline for restoration. While efforts are underway to contain and remediate the incident, the full extent of the damage and the duration of the disruption remain unknown.

In response to the attack, the U.S. State Department has announced rewards of up to $10 million for information leading to the arrest and conviction of individuals involved in Blackcat ransomware attacks.

As healthcare organizations struggle with the aftermath of cyberattacks, the need to upgrade cybersecurity measures and build resilience against evolving threats becomes increasingly critical.