
Image credits: Craig Lassig/Associated Press
A cyberattack on U.S. health tech giant Change Healthcare has brought much of the U.S. healthcare system to a standstill for the second week in a row.
Hospitals cannot verify insurance benefits for hospitalized patients, process prior authorizations for patient procedures or surgeries, or process billing for medical services. Pharmacies have struggled to decide how much to charge for prescriptions for patients whose health insurance records cannot be accessed, leaving some patients paying out of pocket for expensive drugs and others unable to afford them at all.
Since Change Healthcare abruptly shut down its network on Feb. 21 to contain the digital intruders, some smaller medical providers and pharmacies have struggled to keep up with their bills without steady reimbursement from the insurance giants. Some have said they are struggling to pay staff and have warned that their cash reserves could dwindle.
UnitedHealth Group, Change Healthcare’s parent company, said in a government regulatory filing Friday that the company has made “significant progress” in restoring affected systems.
As the short-term impact of the ongoing outage on patients and healthcare providers becomes clearer, questions remain about the security of millions of people’s sensitive medical information handled by Change Healthcare.
A prolific ransomware gang from Russia that took credit for the cyberattack on Change Healthcare claimed to have stolen a huge bank of personal medical data belonging to millions of patients, stored on the health tech giant’s systems, but has not yet released any evidence. In a new development, the ransomware gang appears to have faked its own demise and vanished after receiving a ransom payment worth millions of dollars in cryptocurrency.
When patient data is stolen, the impact on affected patients can be irreversible and lifelong.
Change Healthcare is one of the world’s largest facilitators of health and medical data and patient records, processing billions of healthcare transactions annually. Since 2022, the health tech giant has been owned by UnitedHealth Group, the largest health insurance company in the United States. Hundreds of thousands of doctors and dentists across the United States, as well as tens of thousands of pharmacies and hospitals, use Change Healthcare’s systems to bill patients’ health insurance for the care they receive.
That size carries special risks. U.S. antitrust regulators sued to block UnitedHealth from acquiring Change Healthcare and merging it with its healthcare subsidiary Optum, alleging that UnitedHealth would gain an unfair competitive advantage from access to “approximately half of all American health insurance claims that pass through each year.” The lawsuit was unsuccessful.
Meanwhile, Change Healthcare has so far repeatedly declined to say whether patient data was compromised in the cyberattack. Still, medical professionals remain concerned that the data-related fallout from the cyberattack is still to come.
Amid concerns that the incident “resulted in a large-scale breach of patient and physician information,” the American Medical Association warned of “serious” data privacy concerns in a March 1 letter to the U.S. government. Speaking to reporters, AMA President Jesse Ehrenfeld said Change Healthcare had told the association it was “not clear what data was compromised or stolen.”
The head of cybersecurity for a large U.S. hospital system told TechCrunch that while he is in regular contact with Change and UnitedHealth, he has so far heard nothing regarding the security or integrity of patient records. The cybersecurity chief expressed alarm that the hackers could publish stolen sensitive patient data online.
According to the person, Change’s communications gradually escalated from hinting that data may have been compromised to stating that multiple incident response firms were actively investigating, which suggests it is only a matter of time before the company learns how much data was stolen, and from whom. Customers will bear some of the burden of the hack, the person said, speaking on condition of anonymity because they were not authorized to speak to the press.
Ransomware group carries out “exit scam”
Now, the hackers seem to have disappeared and the situation has become even more unpredictable.
UnitedHealth initially blamed the cyberattack on unspecified government-backed hackers, but later retracted that claim and blamed the Russia-based ransomware and extortion cybercrime group ALPHV (also known as BlackCat), a group with unknown ties to any government.
Ransomware and extortion gangs are financially motivated and typically employ double extortion tactics: first scrambling the victim’s data with file-encrypting malware while swiping a copy for themselves, then threatening to publish the data online if the ransom demand is not paid.
On March 3, an affiliate of ALPHV/BlackCat (in effect a contractor who earns a commission from cyberattacks carried out with the ransomware gang’s malware) posted a complaint on a cybercrime forum alleging that ALPHV/BlackCat had cheated the affiliate out of its share of the proceeds. As first reported by the veteran security watchdog site DataBreaches.net, the affiliate said in the post that the $22 million ransom allegedly paid by Change Healthcare to decrypt its files and prevent a data leak had been stolen by ALPHV/BlackCat.
As proof of the claim, the affiliate provided the exact crypto wallet address that ALPHV/BlackCat allegedly used to receive the ransom two days earlier. The wallet showed a single transaction worth $22 million in Bitcoin at the time of payment.
The affiliate added that, despite losing some of the ransom money, the stolen data “is still with us,” indicating that the affiliate still has access to large amounts of stolen confidential medical and patient data.
UnitedHealth declined to confirm to reporters whether it had paid the ransom to the hackers, saying the company was focused on the investigation. A UnitedHealth spokesperson did not respond to TechCrunch’s question of whether the company disputes reports that it paid a ransom.
By March 5, the ALPHV/BlackCat website had disappeared. Researchers believe this is an exit scam, in which the hackers flee with their newfound wealth, never to be seen again, or go into hiding and later re-form as a new gang.
The gang’s dark web website was replaced with a splash screen disguised as a law enforcement seizure notice. In December, a global law enforcement operation disrupted some of ALPHV/BlackCat’s infrastructure, but the gang returned and quickly began targeting new victims. This time, however, security researchers suspect the gang’s own deception is at work rather than another genuine takedown operation.
A spokesperson for the UK’s National Crime Agency, which was involved in the first ALPHV/BlackCat disruption operation last year, told TechCrunch that the ostensibly seized ALPHV/BlackCat websites “are not the result of NCA activity.” Other global law enforcement agencies also denied involvement in the group’s sudden disappearance.
It is not uncommon for cybercriminal organizations to reorganize or rebrand as a way to shake off reputational problems, whether after being disrupted by law enforcement or after making off with their affiliates’ illicit profits.
Even when a ransom is paid, there is no guarantee that the hackers will delete the stolen data. The recent global law enforcement action to disrupt the prolific LockBit ransomware operation found that the cybercrime group was not actually deleting victims’ data as it claimed it would once a ransom was paid. Businesses are also learning that paying a ransom does not guarantee the return of their files.
For those on the front lines of healthcare cybersecurity, the worst-case scenario is that stolen patient records become public.
The patient safety and financial implications of this will be felt for years to come, a hospital cybersecurity director told TechCrunch.
Do you work at Change Healthcare, Optum, or UnitedHealth and know more about the cyberattack? Contact us on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.