BlackCat Ransomware Gang Strikes Again: Cyberattack on Optum Shakes Healthcare Industry
In February 2024 the BlackCat/ALPHV ransomware gang claimed responsibility for a cyberattack on Change Healthcare, a unit of Optum, which is itself a subsidiary of UnitedHealth Group (UHG). The attack caused a widespread outage of the Change Healthcare platform, the largest payment exchange platform in U.S. healthcare, used by more than 70,000 pharmacies across the country. The repercussions are far-reaching: UHG is the world's largest healthcare company by revenue, employs roughly 440,000 people worldwide, and works with over 1.6 million physicians and care professionals in 8,000 hospitals and care facilities.
BlackCat, known for its audacious attacks, published a statement on its dark web leak site claiming to have stolen 6 TB of data from Change Healthcare's network. The stolen data allegedly includes sensitive information belonging to thousands of healthcare providers, insurers, and pharmacies, covering critical data from a wide range of Change Healthcare clients.
The gang further asserts that it obtained source code for Change Healthcare solutions, as well as sensitive information from prominent partners such as the U.S. military's Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and numerous other health insurers. According to the claim, the data contains personal information on millions of individuals, including medical, insurance, and dental records, payment and claims information, patients' personally identifiable information (PII) such as phone numbers, addresses, Social Security numbers, and email addresses, and even PII of active-duty U.S. military and Navy personnel. None of these claims has been independently verified at the time of writing.
Optum has been working to restore the affected systems, but at the time of writing the restoration is still in progress. According to the status page Optum maintains for the incident, the disruption is confined to Change Healthcare's systems, which were isolated in response to the attack; Optum, UnitedHealthcare, and UnitedHealth Group systems are reported as unaffected.
While BlackCat has taken credit for the attack, UnitedHealth Group spokesperson Tyler Mason has not confirmed the group's involvement. Mason did state that more than 90% of the affected pharmacies have switched to alternative electronic claim procedures to work around the Change Healthcare outage.
BlackCat has also denied that its affiliates exploited the critical ScreenConnect authentication bypass flaw (CVE-2024-1709) during the breach, contradicting earlier reports attributed to sources familiar with the investigation, as disclosed by BleepingComputer. Neither UHG nor the investigating agencies have confirmed the initial access vector, so the ScreenConnect flaw should be treated as an unconfirmed lead rather than an established fact. Organizations that run ScreenConnect should nonetheless verify that they are on a fixed release and review their web server logs, since the vulnerability has been widely exploited regardless of its role in this incident.
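For readers responsible for a ConnectWise ScreenConnect deployment, the following is an added triage example written for this article; it is not code from BlackCat, ConnectWise, UHG, or any source cited here. It performs two defensive checks: whether an installed version predates 23.9.8, the release ConnectWise published as the fix for CVE-2024-1709, and whether IIS access logs contain requests that reach SetupWizard.aspx through a trailing path component (such as `/SetupWizard.aspx/`), the request shape that public analyses of the bypass describe. The log lines are constructed for the example, the field layout assumes the default IIS W3C field order, and the regular expression is a detection heuristic, not an exploit.

```python
"""Triage helper for CVE-2024-1709 (ConnectWise ScreenConnect auth bypass).

Added example for this article, not code from the original page or from
ConnectWise. Assumptions: 23.9.8 is the fixed release (per ConnectWise's
public advisory); the bypass is reached via requests to SetupWizard.aspx
with a trailing path component (per public analyses); log lines use the
default IIS W3C field order. All sample data below is constructed.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

FIXED_VERSION = (23, 9, 8)

# A request path whose stem is SetupWizard.aspx followed by "/" and anything
# else. A plain "/SetupWizard.aspx" on an already-configured server normally
# just redirects and is not flagged.
SETUP_WIZARD_TRAILING = re.compile(r"(?i)/SetupWizard\.aspx/\S*")

# Default IIS W3C field order (assumption for this example):
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
# cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
IDX_DATE, IDX_TIME, IDX_METHOD, IDX_STEM, IDX_CLIENT, IDX_STATUS = 0, 1, 3, 4, 8, 11


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.9.7.8763' into (23, 9, 7, 8763). Non-numeric parts raise ValueError."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if not parts:
        raise ValueError("empty version string")
    return parts


def is_vulnerable_version(version: str) -> bool:
    """True when the first three components sort below 23.9.8.

    Tuple comparison means a short string like '23.9' also counts as older.
    """
    return parse_version(version)[:3] < FIXED_VERSION


def parse_iis_line(line: str) -> Optional[Dict[str, str]]:
    """Split one W3C log line into the fields we need; skip comments and junk."""
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) <= IDX_STATUS:
        return None
    return {
        "time": f"{fields[IDX_DATE]} {fields[IDX_TIME]}",
        "method": fields[IDX_METHOD],
        "path": fields[IDX_STEM],
        "client": fields[IDX_CLIENT],
        "status": fields[IDX_STATUS],
    }


def find_setup_wizard_hits(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return every parsed request whose path matches the trailing-path pattern."""
    hits = []
    for line in lines:
        rec = parse_iis_line(line)
        if rec and SETUP_WIZARD_TRAILING.search(rec["path"]):
            hits.append(rec)
    return hits


def suspicious_clients(lines: Iterable[str]) -> Dict[str, int]:
    """Count matching requests per client IP, so one scanner shows up as one entry."""
    return dict(Counter(h["client"] for h in find_setup_wizard_hits(lines)))


# Constructed sample log: one benign login, one scripted client hitting the
# trailing-path variant twice, one ordinary SetupWizard.aspx redirect, and a
# later request to the admin area from the same scripted client.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-02-20 09:12:01 10.0.0.5 GET /Login - 443 - 198.51.100.23 Mozilla/5.0 - 200 0 0 31
2024-02-20 09:12:44 10.0.0.5 GET /SetupWizard.aspx/ - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 120
2024-02-20 09:12:45 10.0.0.5 POST /SetupWizard.aspx/ - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 88
2024-02-20 09:13:02 10.0.0.5 GET /SetupWizard.aspx - 443 - 198.51.100.23 Mozilla/5.0 - 302 0 0 12
2024-02-20 09:14:10 10.0.0.5 GET /Administration - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 40
"""

if __name__ == "__main__":
    for v in ("23.9.7.8763", "23.9.8", "24.1.0"):
        print(f"{v}: {'VULNERABLE' if is_vulnerable_version(v) else 'fixed'}")
    for hit in find_setup_wizard_hits(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['client']} {hit['method']} {hit['path']} -> {hit['status']}")
    print("per-client counts:", suspicious_clients(SAMPLE_LOG.splitlines()))
```

A hit on the trailing-path pattern is not proof of compromise on its own; treat it as a trigger to check whether any unexpected local user was created around that time and whether the same client IP then reached the administration pages, as the scripted client does in the constructed sample.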
The severity of the attack prompted the FBI, CISA, and the Department of Health and Human Services (HHS) to update their joint advisory on BlackCat, warning that the group's affiliates now primarily target organizations in the U.S. healthcare sector. The agencies noted that since mid-December 2023 healthcare has been the most frequently victimized sector, most likely in response to a post by the ALPHV/BlackCat administrator encouraging affiliates to target hospitals after law enforcement disrupted the group's infrastructure in early December 2023.
This is not the first time BlackCat has caused major damage. The FBI linked the gang to more than 60 breaches in its first four months of operation, between November 2021 and March 2022, and by September 2023 estimated that it had collected nearly $300 million in ransom payments from over 1,000 victims. To counter the group, the U.S. State Department is offering rewards of up to $10 million for information identifying or locating BlackCat's leaders and up to $5 million for information on individuals who participate in its attacks.
The attack on Change Healthcare and the resulting platform outage have disrupted pharmacies and providers across the healthcare industry. If the gang's claims about the stolen data hold up, millions of individuals' medical and personal records are at risk, which raises hard questions about the security posture of critical healthcare intermediaries. As organizations work through the aftermath, the practical lessons are familiar: patch internet-facing remote access tools promptly, enforce multi-factor authentication, monitor for the known signatures of actively exploited flaws, and plan for the operational fallout when a single shared platform goes offline.